The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

JWT authentication bypass via algorithm confusion

Lzzap | Last updated: Aug 03, 2022 06:06AM UTC

Hi! I was working on the lab JWT authentication bypass via algorithm confusion and I did everything in the solution, and I've also watched a couple of YouTube solutions and traced exactly the same steps, but it is not working for me. I don't know if something is slipping out of my eye. Here are my steps:

1. I copy the public key from jwks.json.
2. I add it into a new RSA key in JWK format, then copy the PEM.
3. I base64-encode the PEM, then paste it into a new symmetric key as the k parameter's value.
4. I then change alg to HS256 and sub to administrator, sign the request with the "Don't modify header" option selected, and send the request.

I am still getting an unauthorized response.

PS. I also did everything in the solution for JWT authentication bypass via flawed signature verification and I still couldn't solve it.
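
Added example, not part of the original thread and not PortSwigger's code: a verifier that takes the algorithm from the token header accepts the HS256 token described in the steps above, while a verifier that pins the expected algorithm rejects it. The key pair, the `PUBLIC_KEY` byte string and all function names are constructed for illustration, and the RSA branch is simplified (bare SHA-256 digest, no PKCS#1 v1.5 padding).

```python
import base64, hashlib, hmac, json

# Constructed demo RSA key pair built from two Mersenne primes; not safe for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = f"{N:x}:{E:x}".encode()  # stand-in for the published public-key bytes

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest_int(msg: bytes) -> int:
    # Simplification (assumption): sign the raw SHA-256 digest, no padding scheme.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(alg: str, claims: dict, key) -> str:
    """Build a token; key is the private exponent for RS256, bytes for HS256."""
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    msg = f"{head}.{b64u(json.dumps(claims).encode())}".encode()
    if alg == "RS256":
        sig = pow(digest_int(msg), key, N).to_bytes(141, "big")
    else:
        sig = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{msg.decode()}.{b64u(sig)}"

def signature_ok(alg: str, msg: bytes, sig: bytes) -> bool:
    if alg == "RS256":
        return pow(int.from_bytes(sig, "big"), E, N) == digest_int(msg)
    if alg == "HS256":
        # The flaw: the one configured key (the public key) doubles as the HMAC secret.
        return hmac.compare_digest(sig, hmac.new(PUBLIC_KEY, msg, hashlib.sha256).digest())
    return False

def verify(token: str, allowed_algs=None):
    """Return the claims or None. allowed_algs=None trusts the header's alg (the flaw)."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64u_dec(head))["alg"]
        if allowed_algs is not None and alg not in allowed_algs:
            return None  # pinned: rejected before any key material is used
        if not signature_ok(alg, f"{head}.{body}".encode(), b64u_dec(sig)):
            return None
        return json.loads(b64u_dec(body))
    except (ValueError, KeyError, TypeError):
        return None

genuine = sign("RS256", {"sub": "user"}, D)                     # issued by the server
confused = sign("HS256", {"sub": "administrator"}, PUBLIC_KEY)  # needs only public data
```

`verify(confused)` returns the administrator claims, while `verify(confused, {"RS256"})` returns `None`; the genuine RS256 token passes both.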

Liam, PortSwigger Agent | Last updated: Aug 03, 2022 01:03PM UTC

Thanks for your message, Lzzap. The labs are passing in our testing. Keep trying!

Wong | Last updated: May 25, 2023 07:31AM UTC

docker run --rm -it portswigger/sig2n <token1> <token2>

got this error:

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: short-name "portswigger/sig2n" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"

Ben, PortSwigger Agent | Last updated: May 25, 2023 09:36AM UTC

Hi, are you able to clarify what you are trying to do?

albert | Last updated: May 25, 2024 06:10PM UTC