Checkout Any Products For Free! JSON Web Token Hack

Captions
Today's tutorial is going to be focusing on making someone else pay for your shopping cart. [Music] Now, before we get started: hacking is illegal. If you want to do any of these hacking activities, only do it in your own lab environment and not anywhere else, and of course don't try to hack my website, lawyerland.com. So anyway, let's get started.

So right in front of us I have WebGoat. WebGoat is a vulnerable web application system for us to do all our ethical hacking on. This is a fantastic place for you to test out, particularly in this area of JSON web tokens. All right, so here you can see the following: "Refreshing a token. Assignment: from a breach of last year the following log file is available here. Can you find a way to order the books but let Tom pay for them?" Right, so here you've got the following, "You want to defend your application: WebGoat pen testing for professionals", if you scroll down to the bottom. So what we're trying to do here is to make someone else pay for your shopping cart, and in this case Tom is going to be our target.

So what we can do now is go ahead and open up a terminal, and once your terminal is running, what you want to do is go ahead and launch Burp Suite by entering burpsuite followed by an ampersand, so this would put it into the background rather than it taking up space in your terminal. So here you've got it. All right, we have the following: Burp Suite Community Edition. Click Close for that, and we have Community Edition, click Next, click Start Burp. So now that we are starting our Burp, Burp is going to act as our interceptor so that we can see all the payloads. So what we can do now is click on the Proxy tab, ensure the intercept is on, and you can see the following: "no proxy listeners are running". So go ahead and click Enable. All right, click Edit. So now we're going to change the bind-to port to 9999, click OK, because we have port 8080 used by another service. Click OK on that, and once we're done, click back under Intercept and we can verify that intercept is on.

So now the intercept is on, what we can do next is go back to WebGoat, go to the top right corner, under Proxy, go ahead and select Burp Suite. All right, so in my case FoxyProxy, Burp Suite, now begins the interception process. I can right-click on, say for example, the following: GET /WebGoat/service/lessonoverview.mvc, and we can see the following, all right: "Don't intercept requests for this directory", because this constantly pops up whenever we're on WebGoat. Right, so I can go ahead and click Forward for all this, and it will stop popping up whenever we're going back and running all these tests. So this is a feature of Burp Suite.

Next up, all right, going back to WebGoat, go ahead now and click Checkout. All right, go ahead and click Checkout and we get the following, okay: POST /WebGoat/JWT/refresh/checkout. So let's right-click and send over to Repeater. So now we can go back into Repeater and we can see the following, and when I click Send it states the following, okay: so we got a JSON response as follows, all right, feedback: "not a valid JWT token, please try again". So what we are doing here, we're trying to inspect under Authorization, and in Authorization we have "Bearer null". So we have an empty value, and this is usually to be filled with JSON web tokens. So in this case this is null, and in this situation it's not going to be able to validate whether we have a JSON web token.

So what we can do next is to go back into the website, go ahead and refresh it, go back to Burp Suite, okay, and click under the Proxy tab. Let's just go ahead and forward whatever we want here, okay, let's go and forward all that, okay, and go to HTTP history. So these are all the requests just sent from our browser all the way to the web application service, and we can see as follows, right. Let's scroll all the way down. We can see a lot of the lessonmenu.mvc, the lessonoverview.mvc, so we're going to ignore them because they're not really part of the reasons why we're here.

So scrolling down we can see the following, okay, we have /refresh/login. Okay, so here we can see the following: we have a request for the username as well as the password field, so this results in a refresh. So we can look at the response and here we've got it, okay, we got the access token as well as the refresh token. So let's go ahead and copy, right-click, Copy, and we can open up your favorite text editor, whichever you want to. Let's go ahead and click on it. So in this case I'm going to copy and paste it over here. So I've pasted it and we have the access token and all these different details. So let's go ahead and copy the access token, and we'll go back to Burp Suite, and what we'll do now is go back to Repeater, and what we're going to do is to replace the null, all right, with the one that we have selected earlier. So with that, let's go ahead and click Send and see what kind of result we get. So you click Send over here, we get the following error: "User is not Tom but Jerry, please try again". Okay, so what's happening here? Let me explain a little more in detail.

So let's go back into the browser, go to the top right corner and turn off the proxy, and what we can do is go over into jwt.io, and what you want to do now is go ahead and paste the JWT token that we have copied, and paste it right here. So you can see the following, okay, we got it decoded and we have the following: we have algorithm HS512, we have the payload data, in this case admin false and user Jerry, and we have verify signature. So this is the structure of a standard JWT token, and what we can do now is to manipulate it and change it so that we can reflect the user as Tom rather than somebody else, in this case Jerry.

So what we can do now is to use, say for example, base64encode.org, and what we are doing here is to change the algorithm that is put in place, so the alg is now changed to none, and once you have it and you click under Encode it will give us and produce to us, right, the following result, and this is the result that we want to use to replace, all right, the first section of the JWT token. So let's go ahead, you'll right-click, Copy, and we can go back to Burp Suite, go on the Repeater, and we can change the first section of this: paste it over, and right here, so we've replaced the algorithm, we've changed it to none. The next thing we want to do now is to be able to change the user of it. So going back here, we can change the following user to Tom, and you can see the update that is being reflected on the payload data. So with that we can right-click and copy this, and again go back to the interceptor, all right, change it right here to the second component, all right, paste it over, okay. And now the final part is that we no longer need the signature; we no longer need to do a verification process of it, because the algorithm now is none, we're not using any algorithm for it. So what we can do is go ahead and remove the last section of it, and with that, all right, we've completed the entire JWT token, we've manipulated it successfully, and all you've got to do now is, in three, two, one, go ahead and click Send: "Congratulations, you have successfully completed the assignment".

And what I can do now is go ahead and copy this, all right, copy the entire request, go back to Proxy, all right, under Intercept. What I can do now is go back into the browser, go to the top right corner, select Burp Suite as the interceptor, go back to WebGoat, all right, scroll down further, I click Checkout, we have an interception here, I can replace it entirely and I can click Forward, and once we go back to the browser you can see at the bottom: "Congratulations, you have successfully completed the assignment". So this demonstrated really quickly how we can manipulate the JSON web token and be able to use another user to check out from a shopping cart. So once again, I hope you learned something valuable in today's tutorial. Please like, share, subscribe and turn on notifications so that you can be notified of the latest cyber security tutorials. Thank you so much once again for watching.
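As an added example, not code from the video or from WebGoat itself, the Python below shows why the manipulation described above works and how a server stops it: a verifier that trusts the token's own alg header accepts an alg:none token with its signature segment removed, while a verifier that pins HS512 server-side rejects it. The secret, token contents and function names are constructed for this demo.

```python
import base64, hashlib, hmac, json

# Constructed demo secret; WebGoat's real signing key is not used here.
SECRET = b"demo-secret-not-from-the-page"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs512(header: dict, payload: dict, secret: bytes) -> str:
    """Build a JWT the way WebGoat's login response does (HS512)."""
    segs = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    sig = hmac.new(secret, ".".join(segs).encode(), hashlib.sha512).digest()
    return ".".join(segs + [b64url_encode(sig)])

def vulnerable_verify(token: str, secret: bytes):
    """Trusts the header's alg: 'none' means the signature is never checked."""
    parts = token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if header.get("alg") == "none":
        return payload
    expected = hmac.new(secret, ".".join(parts[:2]).encode(), hashlib.sha512).digest()
    if len(parts) == 3 and hmac.compare_digest(expected, b64url_decode(parts[2])):
        return payload
    return None

def hardened_verify(token: str, secret: bytes):
    """Pins HS512 server-side; the header's alg claim cannot turn off checking."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return None
    if json.loads(b64url_decode(parts[0])).get("alg") != "HS512":
        return None
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        return None
    return json.loads(b64url_decode(parts[1]))

def demo() -> dict:
    legit = sign_hs512({"alg": "HS512"}, {"admin": "false", "user": "Jerry"}, SECRET)
    # The video's manipulation: alg -> none, user -> Tom, signature segment dropped.
    forged = ".".join([b64url_encode(b'{"alg":"none"}'), b64url_encode(b'{"admin":"false","user":"Tom"}'), ""])
    return {"vulnerable_forged": vulnerable_verify(forged, SECRET),
            "hardened_forged": hardened_verify(forged, SECRET),
            "hardened_legit": hardened_verify(legit, SECRET)}
```

The same hardened check also rejects a token whose payload was edited while the original HS512 signature was kept, since the HMAC no longer matches.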
Info
Channel: Loi Liang Yang
Views: 110,935
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: -_RuXUfZ59k
Length: 7min 49sec (469 seconds)
Published: Fri Sep 17 2021