Burp Suite User Forum


JWT authentication bypass via algorithm confusion

Lzzap | Last updated: Aug 03, 2022 06:06AM UTC

Hi! I was working on the lab JWT authentication bypass via algorithm confusion and I did everything in the solution. I've also watched a couple of YouTube solutions and traced exactly the same steps, but it is not working for me. I don't know if something is slipping past my eye. Here are my steps:

1. I copy the public key from jwks.json.
2. I add it into a new RSA key in JWK format, then copy the PEM.
3. I base64-encode the PEM, then paste it into a new symmetric key as the k parameter's value.
4. I then change alg to HS256 and sub to administrator, sign the request with the "Don't modify header" option selected, and send the request.

I am still getting an unauthorized response.

PS. I also did everything in the solution for JWT authentication bypass via flawed signature verification and I still couldn't solve it.
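
Why the HS256 re-signing step described in the post above succeeds against a verifier that trusts the token's alg header, and the check that stops it, shown as an added example that is not part of the original thread or of PortSwigger's lab code. The key pair, claims and function names are constructed for illustration.

```javascript
// Added example: key pair and claims are constructed; function names are hypothetical.
const crypto = require('crypto');
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());

// Issue a token: HS256 treats `key` as a shared secret, RS256 as a private key.
function sign(alg, claims, key) {
  const input = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key);
  return `${input}.${sig.toString('base64url')}`;
}
// Check a signature under one named algorithm.
function checkSig(alg, input, sig, key) {
  if (alg === 'RS256') return crypto.verify('sha256', Buffer.from(input), key, sig);
  if (alg !== 'HS256') return false;
  const mac = crypto.createHmac('sha256', key).update(input).digest();
  return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
}

// Weak: the algorithm is read from the untrusted token header, so the
// RSA public key PEM ends up used as an HMAC secret when alg says HS256.
function verifyTrustingHeader(token, key) {
  const [h, p, s] = token.split('.');
  return checkSig(dec(h).alg, `${h}.${p}`, Buffer.from(s, 'base64url'), key) ? dec(p) : null;
}

// Hardened: the algorithm is fixed by configuration; any other header value is rejected.
function verifyPinned(token, key, expectedAlg = 'RS256') {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s || dec(h).alg !== expectedAlg) return null;
  return checkSig(expectedAlg, `${h}.${p}`, Buffer.from(s, 'base64url'), key) ? dec(p) : null;
}

function demo() {
  const legit = sign('RS256', { sub: 'user1' }, privateKey);
  const confused = sign('HS256', { sub: 'administrator' }, publicKey);
  return [legit, confused].map((t) => ({
    trustingHeader: verifyTrustingHeader(t, publicKey),
    pinned: verifyPinned(t, publicKey),
  }));
}
console.log(demo());
```

The HMAC only matches when the secret is byte-for-byte the key material the verifier holds, which is why the PEM's exact formatting matters in this kind of check.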

Liam, PortSwigger Agent | Last updated: Aug 03, 2022 01:03PM UTC

Thanks for your message, Lzzap. The labs are passing in our testing. Keep trying!

Wong | Last updated: May 25, 2023 07:31AM UTC

docker run --rm -it portswigger/sig2n <token1> <token2>

Got this error:

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: short-name "portswigger/sig2n" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"

Ben, PortSwigger Agent | Last updated: May 25, 2023 09:36AM UTC

Hi, are you able to clarify what you are trying to do?
