ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT Automating the Attack with SQLmap and a Custom Tamper Script Let’s review what I know and where I’m at in capturing the flag: The web server is NodeJS Express The database is SQLite The hole in the wall is the JSON Web Token. The JWT username field is vulnerable…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT The Path of Attack After reading the documentation on JWT’s, I decided that this will be my next path of attack. There were a few hints to push me down this path. First, I looked up JWT vulnerabilities. Most attack techniques go after the algorithm for signing…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT Digging Deeper into the Code Lets start to look under the hood of the site some more. Maybe the developers left a comment in the website code pointing to a hole. Maybe some JavaScript gets loaded that holds the vulnerability. Whatever it is, I have to look…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT First look I know the challenge is a website so open up the IP:Port address in a browser. It forwards to /auth: I’m given a simple login screen (user and password) with two buttons, “Login” and “Register”. First, lets see how it is supposed to work and then…
Attacking JWT’s with a Custom SQLmap Tamper Script Introduction If you’ve ever watched a movie or TV show that involves computer “hacking”, you’ll recognize these scenes. Someone wearing a hoody (of course) hunched over six monitors of scrolling text, frantically typing and instantly programming some complex code to break past a firewall. My favourite (facepalming)…
