
CVE-2015-9235

Published: 29/05/2018 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In the jsonwebtoken Node module prior to 4.2.2, a malicious user can bypass verification when the server expects a token digitally signed with an asymmetric key (RS/ES family of algorithms) but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family).

Vulnerable Product

auth0 jsonwebtoken

Github Repositories

Explore and learn about JWT vulnerabilities through hands-on security labs. Perfect for cybersecurity enthusiasts, developers, and learners!

JWT Hacking Lab. Welcome to the JWT Hacking Lab! This project is a fantastic hands-on playground designed to help you dig deep into the world of JSON Web Token (JWT) security. Labs and Learning Objectives: Our labs, each focusing on a specific JWT-related vulnerability, are as follows: Secrets Under the Rug: Exploiting Weak HMAC Secrets: This lab tea

ENGLISH Description: This application allows you to replace a value in a JSON Web Token (JWT) using the HMAC-SHA256 method to recalculate the signature. It takes as input a token, a key to replace, and the new value associated with that key. Usage: Clone or download the application's source code: git clone github.com/WinDyAlphA/CVE-2015-9235_JWT_key_confusion cd CVE-

JWT Key Confusion PoC (CVE-2015-9235) Written for the Hack the Box challenge - Under Construction

JWT Key Confusion PoC (CVE-2015-9235). Written for the Hack the Box challenges Under Construction and Secret. Both included scripts perform a Java Web Token Key Confusion Attack (CVE-2015-9235). To perform the attack it is required that the attacker know the public key which the server will use to verify the signature, as well as the server being configured to use the HS256 algo

JWT_hacking: None algorithm attack – CVE-2015-9235. This attack targets an option in the JWT standard for producing unsigned keys. The output literally omits any signature portion after the second dot. Due to weaknesses in some libraries or server configurations, a service may read our tampered request, see that it does not need to be signed, and then just accept it on t

Powershell JWT module

Powershell JWT module. Description: Create, validate and decode JWT in PowerShell easily. Supported algorithms: Symmetric Key: HS256, HS384, HS512; Asymmetric Key: RS256, RS384, RS512. Install: This module is published on the PowerShell Gallery. To install it, you can run the following command: Install-Module powershell-jwt. To update an instal

This is a fictitious webapp which is vulnerable and part of the Capstone project for CY7900-2023 spring

vuln-web-app: This is a fictitious app which is vulnerable and part of the Capstone project for CY7900-2023 spring. Machine requirements: Node: v18.11.0, npm: v8.19.2, pm2: 5.2.2 # The versions can change depending on the time of implementation. Dependencies: "dependencies": { "jsonwebtoken": "^0.4.0",

Challenge: the whole challenge is about making a gift coupon system for users where each user can only use one coupon. What features does this web application have? JWT authentication; throttling API calls with Redis; user action log; unit tests with pytest; dockerized. Installation: 1. git clone github.com/MR-SS/challenge.git 2. cd challenge 3. docker-compose up --build -d now open ht