MAZIN AHMED, 2019 | FULLHUNT.IO
Practical Approaches for Testing and Breaking JWT Authentication
https://cyberweek.ae
$> WHOAMI
Mazin Ahmed
• Freelancing Penetration Tester / InfoSec Specialist
• Founder & CEO @ FullHunt, the next generation vulnerability intelligence platform
• Ex-Security Engineer @ ProtonMail
• Occasional Bug Bounty Participant
• Top 10 researchers of Bugcrowd @ 2014
• Acknowledged by Facebook, Twitter, Oracle, LinkedIn, and many…
{Story}
$> AGENDA
• What is JWT?
• How Does It Work?
• Web Implementations
• Attacking JWT
• Current Toolsets
• Introducing JWT-PWN
• Recommendations for Implementing Secure JWT
$> WHAT IS JWT?
• RFC-7519
• Proposed @ May 2015
• JSON Object + Digital Signature = JWT
$> JWT
[ Base64(HEADER) ] . [ Base64(PAYLOAD) ] . [ Base64(SIGNATURE) ]
$> JWT
Chunk 1: Header
{"alg": "HS256", "typ": "JWT"}
Chunk 2: Payload
{"sub": "1234567890", "name": "Mazin", "admin": true}
$> JWT - SIGNATURE
HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), KEY)
$> JWT
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
$> WEB IMPLEMENTATION
Attacking JSON Web Tokens
Hack The Planet? Episode: JWT
1. Brute-Force Secret Keys
2. Signing a new token with the “none” algorithm
3. Changing the Signing Algorithm of the Token
JWT Testing Tools
$> JWT TOOLS: JWT_TOOL
• jwt_tool (https://github.com/ticarpi/jwt_tool)
• Uses a linear approach for cracking, still quite fast!
• A number of attacks covered.
• Custom parsing for Base64 strings, not official JWT libraries.
$> JWT TOOLS: C-JWT-CRACKER
• c-jwt-cracker (https://github.com/brendan-rius/c-jwt-cracker)
• JWT brute force cracker written in C
• Unstable - Buggy libraries
From the project repository:
$> JWT TOOLS: JWT-CRACKER
• jwt-cracker (https://github.com/lmammino/jwt-cracker)
• Simple HS256 JWT token brute force cracker.
• No dictionary attack support.
• Only made for HS256.
Introducing JWT-PWN
$> JWT-PWN
• Simple scripts.
• Covering all discussed attacks.
• Automated approach.
• Using official/main JWT libraries.
• Includes a JWT secret-key cracker, with software engineering in mind.
• Beta release!
$> JWT-PWN: JWT-DECODER.PY
$> JWT-PWN: JWT-ANY-TO-HS256.PY
$> JWT-PWN: JWT-MIMICKER.PY
$> JWT-PWN: JWT-CRACKER.PY
$> JWT-PWN: JWT-CRACKER-GO
JWT-PWN: https://github.com/mazen160/jwt-pwn
$> RECOMMENDATIONS
• Always verify the JWT header.
• Always verify the “alg” key in the JWT header.
• Never trust the “none” algorithm for signing.
• Whitelist the algorithm in use, and always verify it.
• Rotate your signing keys periodically.
• Don’t expose sensitive client data in the JWT; the payload is only encoded, not encrypted, and anyone holding the token can decode it.
• Add an expiration claim (“exp”) to overcome the non-expiration issue inherent in the stateless protocol.
• Key size matters.
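The following is an added example written for this page; it is not code from the talk or from the jwt-pwn project. It implements the HS256 signature formula from the earlier slide with only the Python standard library, then places a verifier that lets the token's own header choose the algorithm (the weakness behind attacks 2 and 3 above) next to a verifier that follows the recommendations: the algorithm is pinned server-side, “none” can never be selected, an “exp” claim is required, and the HMAC key must be at least 256 bits as RFC 7518 requires for HS256. The key, the clock value and all tokens are constructed for the demo, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import json
import time

# RFC 7518 section 3.2: an HS256 key must be at least as long as the hash
# output (256 bits); this is also the first defence against key cracking.
MIN_HS256_KEY_BYTES = 32
ALLOWED_ALG = "HS256"  # fixed by the server, never read from the token

def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWT uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _segment(obj: dict) -> str:
    # Compact JSON (no whitespace), the serialisation most JWT libraries emit.
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), KEY)"""
    signing_input = f"{_segment(header)}.{_segment(payload)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def unsigned_token(payload: dict) -> str:
    """alg "none" token with an empty signature, used here only as a
    negative test vector to confirm that a verifier rejects it."""
    return f'{_segment({"alg": "none", "typ": "JWT"})}.{_segment(payload)}.'

def verify_trusting_header(token: str, key: bytes) -> dict:
    """Vulnerable verifier: the token's own header selects the algorithm."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg == "none":
        return json.loads(b64url_decode(body))  # unsigned token accepted as-is
    if alg == "HS256":
        expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig)):
            return json.loads(b64url_decode(body))
    raise ValueError("signature check failed")

def verify_pinned(token: str, key: bytes, now=None) -> dict:
    """Hardened verifier following the recommendations on the slide above."""
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key shorter than 256 bits")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    header = json.loads(b64url_decode(head))
    # The header is parsed but is never allowed to pick the algorithm, so a
    # token whose "alg" was switched to "none" or to anything else is rejected.
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("signature check failed")
    payload = json.loads(b64url_decode(body))
    if "exp" not in payload:
        raise ValueError("missing exp claim")
    now = time.time() if now is None else now
    if now >= int(payload["exp"]):
        raise ValueError("token expired")
    return payload

def _accepts(verifier, token: str, key: bytes, **kwargs) -> bool:
    try:
        verifier(token, key, **kwargs)
        return True
    except ValueError:
        return False

def demo() -> dict:
    """Run both verifiers over constructed tokens and report the outcomes."""
    key = b"0123456789abcdef0123456789abcdef"  # constructed 32-byte demo key
    now = 1_700_000_000                        # fixed clock for reproducibility
    header = {"alg": "HS256", "typ": "JWT"}
    good = sign_hs256(header, {"sub": "1234567890", "admin": False, "exp": now + 300}, key)
    expired = sign_hs256(header, {"sub": "1234567890", "admin": False, "exp": now - 1}, key)
    forged = unsigned_token({"sub": "1234567890", "admin": True})
    return {
        "trusting_accepts_good": _accepts(verify_trusting_header, good, key),
        "trusting_accepts_unsigned": _accepts(verify_trusting_header, forged, key),
        "pinned_accepts_good": _accepts(verify_pinned, good, key, now=now),
        "pinned_rejects_unsigned": not _accepts(verify_pinned, forged, key, now=now),
        "pinned_rejects_expired": not _accepts(verify_pinned, expired, key, now=now),
        "pinned_rejects_short_key": not _accepts(verify_pinned, good, b"secret", now=now),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The two verifiers differ in one design decision: the vulnerable one dispatches on whatever “alg” the token carries, while the hardened one compares the header against a value the server fixed in advance and only then checks the HMAC, so the “none” trick and a switched algorithm both fail before any signature work is done. The key-length check enforces the “key size matters” point, and `hmac.compare_digest` keeps the signature comparison constant-time.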
Thank you
Mazin Ahmed
Twitter: @mazen160
Website: MazinAhmed.net
Questions?