Whenever a new application or technology becomes prevalent, attackers are bound to make it a target. JavaScript Object Notation, or JSON, is no exception. JSON is a widespread data format used within many applications to share data, and threat actors have found numerous ways to exploit it.
JSON Web Tokens, or JWTs, make it possible to exchange data securely. Because JWTs can be signed and verified, they are commonly used to provide methods of authorization. Unfortunately, depending on how JWTs are implemented, they can also be valuable targets for attackers.
Fortunately, with some insight and planning, JWTs can be properly secured. To make hardening JWTs easier, Fraser Winterborn of the BlackBerry Security Research Group recently created and published a new tool that’s simple to use. It’s also free.
Named JWT Editor, the tool works as a Burp Suite extension, and as a standalone application. It makes it possible to edit, sign, and verify JWTs, as well as to encrypt and decrypt them.
When operated from within the Burp Suite, JWT Editor will automatically find and provide for in-line editing for JWT tokens within HTTP requests and responses. JWT editor also offers automation that helps security teams harden their JWT usage.
When operated as a standalone application, JWT Editor enables all the same functionality as when used from within the Burp Suite, but also makes it possible for local (or offline) JWTs to be inserted into JWT Editor. A command-line option converts PEM-formatted public and private keys to JWK format.
“None” Signing Algorithm
The JWT Editor automates three common attacks against JSON Web Signatures (JWS). The first of these is the “none” signing algorithm attack, which takes advantage of the JWS standard that makes it possible to use “none” as an accepted signing algorithm. This signing algorithm is only supposed to be used when the validity of the JWS has already been established in some other way. Unfortunately, some libraries treat this as a valid signing. JWS Editor automates the stripping of the signature value from a JWS.
HMAC Key Confusion
The second attack JWT Editor addresses is HMAC key confusion. Because each algorithm within JWS has requirements for specific key types, there are some implementations where JWS header information differs from the specified key type algorithm. This attack makes it possible for attackers to forge signatures that the server will accept.
Embedded JWK Attack
Finally, the software helps prevent embedded JWK attacks. JWS defines a “jwk” field within the header, which is used to send a public key to a recipient. While that may be fine in most cases, it’s also possible for this field to be incorrectly used by library implementations as a source key for signature verification. By creating a new key, attackers can embed it for verification within the header, and then after they sign the JWS payload, they can create JWT payloads that can be used for malicious purposes.
JWT Editor also comes equipped with a command-line interface that converts generated keys.
As part of our mandate within BlackBerry Product Security, we are constantly challenging ourselves to help evolve the practice of securing products, and there was a great opportunity here to develop tooling to improve our ability to support our products and customers as well as to provide a useful tool to the industry at large.
JWT Editor can be downloaded here from PortSwigger.