Portswigger Academy JWT Labs

Introduction

What?

JSON web tokens (JWTs) are a standardised format for sending cryptographically signed JSON data between systems. They can theoretically contain any kind of data, but are most commonly used to send information (“claims”) about users as part of authentication, session handling, and access control mechanisms.

JWTs are a popular choice for highly distributed websites where users need to interact seamlessly with multiple back-end servers.

Why?

Design issues and flawed handling of JSON web tokens (JWTs) can leave websites vulnerable to a variety of high-severity attacks. As JWTs are most commonly used in authentication, session management, and access control mechanisms, these vulnerabilities can potentially compromise the entire website and its users.

How?

• JSON web tokens attacks

• JWT authentication bypass via unverified signature

• JWT authentication bypass via flawed signature verification

• JWT authentication bypass via weak signing key

• JWT authentication bypass via jwk header injection

• JWT authentication bypass via jku header injection

• JWT authentication bypass via kid header path traversal

• JWT authentication bypass via algorithm confusion

• JWT authentication bypass via algorithm confusion with no exposed key