Home

Awesome

JWT Editor

JWT Editor is a Burp Suite extension which aims to be a Swiss Army Knife for manipulating JSON Web Tokens (JWTs) within Burp Suite. It provides detection of JWTs within both HTTP and WebSocket messages and allows for their editing, signing, verifying, encryption and decryption. Additionally it facilitates several well-known attacks against JWT implementations.

Overview

JWT Editor adds the follow functionality:

Changelog

2.3 2024-08-05

2.2.2 2024-07-12

2.2.1 2024-05-06

2.2 2024-02-29

2.1.1 2024-01-22

2.1 2024-01-01

2.0.2 2023-12-13

2.0.1 2023-10-30

2.0 2023-07-08

Forked from Fraser Winterborn's version (original repository).

Loading JWT Editor

The easiest way of obtaining JWT Editor is via Burp Suite's BAppStore. See Burp Suite's documentation for additional details.

JWT Editor Tab

The top level JWT Editor tab allows cryptographic keys to be imported/exported, generated and converted between JWK and PEM formats. Keys are stored within Burp Suite user options so are persisted between sessions.

<img src="gitimg/keys.png" width="600"/>

New keys can be created using the buttons to the top right of the panel, which will bring up the relevant dialog. Existing keys can be edited by double clicking on the corresponding row within the keys table.

<img src="gitimg/key_view.png" width="400"/>

Additional options can be found via the keys table context menu.

<img src="gitimg/key_context.jpg" width="400"/>

Using these options the selected key can either be deleted or exported to the clipboard.

JSON Web Token Tab

The HTTP message editor JSON Web Token tab allows modification of JWTs within Burp Suite message editors.

<img src="gitimg/editor.png" width="600"/>

The editor view has two layouts, JWS and JWE, which are selected depending on whether a JSON Web Signature or JSON Web Encryption is detected.

Editable Fields

A JSON text editor is provided to edit each of the JWS and JWE components that contain JSON content:

A hex editor is provided to alter each of the JWS and JWE fields that contain binary content:

Sign

Sign presents a signing dialog that can be used to update the Signature by signing the JWS Header and Payload using a key from the JWT Editor Tab that has signing capabilities

<img src="gitimg/sign.png" width="400"/>

Verify

Verify will attempt to verify the Signature of a JWS Header and Payload using any key that is capable of verification from the JWT Editor Tab. A dialog will be presented with the result of the verification operation.

<img src="gitimg/verify.png" width="600"/>

Encrypt

Encrypt presents an encryption dialog that can be used to encrypt the JWS Header, Payload and Signature fields to produce a JWE using a key from the JWT Editor Tab that is capable of encryption.

Encrypting a JWS will change the editor mode to JWE to allow modification of the JWE components after encryption.

<img src="gitimg/encrypt.png" width="400"/>

Decrypt

Decrypt will attempt to use the keys configured in the JWT Editor Tab that are capable of decryption to decrypt the content of a JWE to produce a JWS.

Decrypting a JWE will change the editor mode to JWS to allow modification of the JWS components after decryption.

Attack

The Attack option implements several well-known attacks against JSON Web Signatures:

These are described in more detail below.

Format JSON

The Format JSON option on JSON fields automatically corrects the spacing and indentation of the JSON document.

Compact JSON

The handling of whitespace and newlines is important for a JSON Web Signature, as the encoded bytes of the JSON document are used to form the signature field. The Compact JSON option is used to control how the content of the JSON fields will be serialized.

When enabled, whitespace and newlines will be automatically stripped from the JSON document before serialization. When disabled, whitespace and newlines will be preserved.

This option is automatically enabled if it is detected that the original JWT did not contain whitespace or newlines.

Building JWT Editor from source

JWT Editor can be built from source.

Supported Algorithms

The following JWK types are supported:

See here for more details.

Attacks

The JWT Editor automates several common attacks against JSON Web Signatures.

'none' Signing Algorithm

The value 'none' is defined in the JWA standard as an accepted signing algorithm for JWS. This is intended for use where an out-of-band method has been used to already verify the integrity of the JWS. However, some libraries have been found to treat this as a valid algorithm when processing a JWS.

This attack automates stripping of the signature value from a JWS.

HMAC Key Confusion

Each algorithm within JWS has a required key type (RSA, EC, OKP or oct). A vulnerability has been identified within JOSE implementations where the key type provided in a JWS header does not match that of the algorithm specified. An attacker that provides a symmetric HS256/384/512 'alg' value with a asymmetric 'kty' (EC, RSA, OKP) value may cause the validating library to use the asymmetric public key as the symmetric key input to a HMAC signature validation. As the public key is known to the attacker, the attacker can use the public key as the input to their HMAC signature and forge a signature which is accepted by the server.

The tool implements this attack using the steps outlined at https://www.nccgroup.com/ae/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/.

Embedded JWK

JWS defines a 'jwk' field within the Header which is used for the ECDH-ES algorithms as a method of transporting the public key to the recipient. However, this field has been mistakenly used by library implementations as a source of the key for signature verification. By creating a new key, embedding the key for verification within the header, and then signing the JWS Payload, an attacker is able to produce arbitrary JWT payloads.

Signing with an empty HMAC key

This attack signs a JWS with using a symmetric signature algorithm and an empty shared secret. CVE-2019-20933 is an example of using this technique to bypass authentication.

Signing with a Psychic signature

Some versions of Java between 15 and 18 failed to properly verify ECDSA signatures. This became known as Psychic Signatures or CVE-2022-21449.

Embedding a Collaborator payload

Burp Suite's Collaborator can be used to check if a server is fetching content based on the x5u or jku headers. Note that this functionality is only available in Burp Suite Professional.

Issues / Enhancements

If you have found a bug or think that a particular feature is missing, please raise an issue on the GitHub repository.

Useful Links