Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jas502n/JWT_Brute

JWT_Brute
https://github.com/jas502n/JWT_Brute

Last synced: 21 days ago
JSON representation

JWT_Brute

Awesome Lists containing this project

README

        

# JWT_Brute

## Example

`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8`

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 >> base64 decode >> {"alg":"HS256","typ":"JWT"}

eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9 >> base64 decode >> {"user":"nana","action":"upload"}

56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8 >> 需要指定key 加密得到
```

![](./jwt_brute_success.png)

## jwt io网站验证也是同样结果

![](./jwt-io.jpg)

## python usage:

`python3 jwt_brute.py 4.txt `

```
root@kali:~/jwt# python3 jwt_brute.py 4.txt

___ _______ ____ _
| \ \ / /_ _| | __ ) _ __ _ _| |_ ___
_ | |\ \ /\ / / | | | _ \| '__| | | | __/ _ \
| |_| | \ V V / | | | |_) | | | |_| | || __/
\___/ \_/\_/ |_| |____/|_| \__,_|\__\___|

Usage: python3 jwt.py dict.txt

For Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8

This key is >>> $admin$
_________________________________________________________________________________________________________________________________________

Please Input Your Encode JWT Str= eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8 try admin
jwt.decode={'user': 'nana', 'action': 'upload'}

bingo11! found key --> $admin$ <--
root@kali:~/jwt#

```

## 参考链接

https://www.freebuf.com/vuls/211842.html

https://jwt.io/