https://github.com/ropwareJB/jwtfuzz

Library for fuzzing & attacking JSON Web Tokens (JWTs). Bindings for other languages included.

bug-bounty bug-bounty-tools bugbounty fuzz fuzzing hacking hacking-tool jwt jwt-token pentesting pentesting-tools security


# JwtFuzz

A library for fuzzing & attacking JSON Web Tokens (JWTs) for use in penetration testing and security auditing. Bindings for other languages included.

## Using as a Binary

The `jwtfuzz-exe` binary generates a series of 'bad' JWT inputs with various modifications applied, including null signatures, swapped algorithms, psychic signatures, etc. Simply provide a JWT of valid form on stdin:

```
> echo "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" | ./jwtfuzz-exe
...omitted...
eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJpYXQiOjE1MTYyMzkwMjIsIm5hbWUiOiJKb2huIERvZSIsInN1YiI6IjEyMzQ1Njc4OTAifQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c=
...omitted...
```
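A defender's counterpart to this output, as an added example that is not part of the jwtfuzz project: a strict HS256 verifier run against the sample token and the mutated token shown above, plus two constructed variants. It assumes the sample is the jwt.io demo token signed with the secret `your-256-bit-secret`; `verify_hs256`, `triage` and the constant names are hypothetical.

```python
import base64, hashlib, hmac, json, string

KEY = b"your-256-bit-secret"  # assumption: jwt.io demo secret for the sample token
ORIGINAL = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
            "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
            "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
# Mutated token copied from the jwtfuzz-exe output: alg "NONE", padded signature.
FUZZED = ("eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0."
          "eyJpYXQiOjE1MTYyMzkwMjIsIm5hbWUiOiJKb2huIERvZSIsInN1YiI6IjEyMzQ1Njc4OTAifQ."
          "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c=")
# Constructed variants: signature stripped, and '=' appended to a valid token.
NULL_SIG = ORIGINAL.rsplit(".", 1)[0] + "."
PADDED_SIG = ORIGINAL + "="

B64URL = set(string.ascii_letters + string.digits + "-_")

def b64url_decode(seg: str) -> bytes:
    # JWS segments are unpadded base64url; refusing '=' and stray characters
    # keeps exactly one accepted spelling per token.
    if not set(seg) <= B64URL:
        raise ValueError("non-canonical base64url segment")
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims of a valid HS256 token, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The verifier pins the algorithm; the token's header never selects it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def triage(tokens, key=KEY):
    """Map each candidate token to 'accepted' or its rejection reason."""
    results = []
    for tok in tokens:
        try:
            verify_hs256(tok, key)
            results.append("accepted")
        except ValueError as exc:  # also covers base64 and JSON decode errors
            results.append(f"rejected: {exc}")
    return results
```

Feeding every line of the fuzzer's output through `triage` and alerting on any `accepted` result other than the original token gives a regression check for a verifier under test.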

## Using as a Binary via Docker

The binary is distributed as a Docker container hosted on Docker Hub.

```
echo "eyJhbGciOiJIUzI1NiI..." | docker run -i cortisol/jwtfuzz
```

## Using as a Library

The fuzzing functions are also provided as a Unix Shared Library (.so) and Windows DLL.

You can call the library from C or any language that can load a dynamic library or use a Foreign Function Interface (FFI). An example that demonstrates usage in C can be found in the `./so/test` directory.

This module requires that `jwtfuzz_init()` is called to initialize the GHC runtime before you call any of the other library functions. After that, you may call `char** fuzzjwt_fuzz(char** err_ptr, char* jwt)` to generate a series of malicious inputs.

#### Handling Errors

`err_ptr` should be initialized to NULL prior to calling `fuzzjwt_fuzz` and associated functions. If an error occurs, it will be populated with a pointer to a heap-allocated string describing the error.

#### Memory Allocation

This library allocates memory on the heap. After you have consumed the returned JWTs and `err_ptr`, they must be freed, or your program will leak memory (overconsumption, not disclosure) each time you fuzz a JWT. Please see `./so/test/main.c` for an example.

You may use the `void jwtfuzz_free(char* err, char** jwts)` function to deallocate all memory once you have processed the output.

## Dependencies

#### Compilation
- Requires forked hpack (PR open to hpack):
https://github.com/sol/hpack/pull/518

#### Runtime
- Requires libjwt
```bash
# OSX
brew install libjwt
# Linux
# TODO: ?????
```

#### Binary
```
make bin
```

#### Shared Library

```
make so
```

### Inspiration

Thanks to Alex Wells for his very useful original JWT Fuzz utility on his blog:
https://node-security.com/posts/jwt-fuzzing/