Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

JWT authentication bypass via kid header path traversal : 401 unauthorized

Yuyu | Last updated: Sep 23, 2024 04:24PM UTC

I followed the steps but still getting 401 unauthorized. Could you please check

Yuyu | Last updated: Sep 23, 2024 04:26PM UTC

Header { "kid": "../../../../../../../dev/null", "alg": "HS256" } Payload { "iss": "portswigger", "exp": 1727111052, "sub": "administrator" } Sign with a new symmetric key { "kty": "oct", "kid": "0e250ada-0fb8-4369-b71c-d736cfdc7fda", "k": "AA==" }

Yuyu | Last updated: Sep 23, 2024 04:56PM UTC

I noticed the signature did not update when i sign with a new key. Looks like a bug on "JWT editor". All signatures get updated except when i sign with a new "symmetric key". - I use version 2.3 (updated 11 sep 2024)

Michelle, PortSwigger Agent | Last updated: Sep 24, 2024 10:15AM UTC

Hi Thanks for getting in touch. We've just replied to your email, there are a few details we need to gather about your setup.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.