Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jas502n/JWT_Brute
Last synced: 21 days ago
JWT_Brute
- Host: GitHub
- URL: https://github.com/jas502n/JWT_Brute
- Owner: jas502n
- Created: 2019-10-10T07:17:58.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2019-10-10T07:47:16.000Z (about 5 years ago)
- Last Synced: 2024-08-05T17:32:58.838Z (4 months ago)
- Size: 302 KB
- Stars: 32
- Watchers: 3
- Forks: 9
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - jas502n/JWT_Brute - JWT_Brute (Others)
README
# JWT_Brute
## Example
`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8`
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 >> base64 decode >> {"alg":"HS256","typ":"JWT"}
eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9 >> base64 decode >> {"user":"nana","action":"upload"}
56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8 >> generated by signing with the specified key
```
![](./jwt_brute_success.png)
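The three segments above, handled from the verifier's side. This is an added example, not code from the JWT_Brute repository: it decodes the README's token, verifies HS256 with the algorithm pinned and a constant-time comparison, and checks a signing key against the 256-bit minimum that RFC 7518 section 3.2 sets for HS256. All function names are illustrative.

```python
import base64
import hashlib
import hmac
import json

# Token copied from the README above.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9."
              "56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8")

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the '=' padding stripped; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def split_jwt(token: str):
    """Return (header, payload, signature bytes, signing input bytes)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2]), f"{parts[0]}.{parts[1]}".encode()

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> dict:
    header, payload, sig, signing_input = split_jwt(token)
    # Pin the algorithm in the verifier; do not let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    return payload

def key_meets_rfc7518(key: bytes) -> bool:
    # RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
    return len(key) >= 32

if __name__ == "__main__":
    header, payload, _, _ = split_jwt(PAGE_TOKEN)
    print(header, payload)
    print("README key long enough:", key_meets_rfc7518(b"$admin$"))
```

A 7-byte dictionary word such as the `$admin$` key in the README fails the length check; a key drawn from a CSPRNG at 32 bytes or more is not reachable by a wordlist.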
## Verification on the jwt.io website gives the same result
![](./jwt-io.jpg)
## python usage:
`python3 jwt_brute.py 4.txt `
```
root@kali:~/jwt# python3 jwt_brute.py 4.txt
___ _______ ____ _
| \ \ / /_ _| | __ ) _ __ _ _| |_ ___
_ | |\ \ /\ / / | | | _ \| '__| | | | __/ _ \
| |_| | \ V V / | | | |_) | | | |_| | || __/
\___/ \_/\_/ |_| |____/|_| \__,_|\__\___|
Usage: python3 jwt.py dict.txt
For Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8
This key is >>> $admin$
_________________________________________________________________________________________________________________________________________
Please Input Your Encode JWT Str= eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8
try admin
jwt.decode={'user': 'nana', 'action': 'upload'}
bingo11! found key --> $admin$ <--
root@kali:~/jwt#
```
## References
https://www.freebuf.com/vuls/211842.html
https://jwt.io/