Merge pull request #52 from clem9669/patch-1

Update hacking-jwt-json-web-tokens.md
2021-01-07 15:38:52 +01:00 · 2021-01-07 15:38:52 +01:00 · c278751db2
commit c278751db2
parent 8ef762b8f9 34ed1c60cc
1 changed files with 1 additions and 1 deletions
--- a/pentesting-web/hacking-jwt-json-web-tokens.md
+++ b/pentesting-web/hacking-jwt-json-web-tokens.md
@ -51,7 +51,7 @@ The algorithm RS256 uses the private key to sign the message and uses the public

 If you change the algorithm from RS256 to HS256, the back end code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature.

-Then, using the public key and changing SR256 to HS256 we could create a valid signature. You can retrieve the certificate of the web server executing this: 
+Then, using the public key and changing RS256 to HS256 we could create a valid signature. You can retrieve the certificate of the web server executing this: 

 ```bash
 openssl s_client -connect example.com:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > certificatechain.pem #For this attack you can use the JOSEPH Burp extension. In the Repeater, select the JWS tab and select the Key confusion attack. Load the PEM, Update the request and send it. (This extension allows you to send the "non" algorithm attack also). It is also recommended to use the tool jwt_tool with the option 2 as the previous Burp Extension does not always works well.