Burp Suite User Forum

Login to post

JWT authentication bypass via algorithm confusion

Lzzap | Last updated: Aug 03, 2022 06:06AM UTC

Hi! I was working on the lab JWT authentication bypass via algorithm confusion and i did everything in the solution and also I've watched couple of youtube solution and trace exactly the same steps but it is not working for me. I dont know if something is slipping out of my eye, here is my steps; I copy the public key from jwks.json I add it into a new RSA key in a format of JWK then copy the PEM I base64 encode PEM than paste it in a new symmetric key as k parameters value I then change the alg: to HS256 , sub to administrator sign the request with the don't modify header option selected and send the request . I am still getting an unauthorized response . PS. I also did everything in the solution for JWT authentication bypass via flawed signature verification and i couldn't solve it still.

Liam, PortSwigger Agent | Last updated: Aug 03, 2022 01:03PM UTC

Thanks for your message, Lzzap. The labs are passing in our testing. Keep trying!

You need to Log in to post a reply. Or register here, for free.