Jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens).

- RSA and ECDSA key generation, and reconstruction (from JWKS files).
- Forging new token header and payload contents and creating a new signature with the key or via another attack method.
- Identifying weak keys via a High-speed Dictionary Attack.
- Testing the validity of a secret/key file/Public Key/JWKS key.
- Fuzzing claim values to provoke unexpected behaviours.
- Scanning for misconfigurations or known weaknesses.
- (CVE-2020-28042) Null signature vulnerability.
- (CVE-2018-0114) Key injection vulnerability.
- (CVE-2016-10555) The RS/HS256 public key mismatch vulnerability.
- (CVE-2015-2951) The alg=none signature-bypass vulnerability.