creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
41b828e7583ce8e937bc11397c7eaad2064b8860
Anthropic-Cybersecurity-Skills/skills/performing-jwt-none-algorithm-attack/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

48 lines
1.7 KiB
Markdown
Raw Blame History

# API Reference — Performing JWT None Algorithm Attack
## Libraries Used
- **base64**: Base64url encoding/decoding for JWT components
- **hmac / hashlib**: HMAC-SHA256 signing for algorithm confusion attacks
- **json**: JWT header/payload serialization
- **requests** (optional): Test forged tokens against live endpoints
## CLI Interface
```
python agent.py decode --token <jwt_string>
python agent.py forge --token <jwt_string> [--claims '{"role":"admin"}']
python agent.py confuse --token <jwt_string> [--pubkey public.pem]
python agent.py test --url <api_endpoint> --token <original_jwt>
```
## Core Functions
### `decode_jwt(token)` — Decode JWT without verification
Returns header, payload, and vulnerability checks: alg=none, no expiry, expired, no issuer.
### `forge_none_token(token, modify_claims)` — Create alg=none variants
Generates 6 variants: `none`, `None`, `NONE`, `nOnE`, empty signature, no trailing dot.
### `test_alg_confusion(token, public_key_file)` — Algorithm confusion attack
Tests RS256-to-HS256 downgrade using RSA public key as HMAC secret.
### `test_jwt_endpoint(url, original_token, forged_tokens)` — Validate against API
Sends forged tokens to target endpoint. Reports CRITICAL if any variant accepted.
## JWT None Variants Tested
| Variant | Algorithm Header |
|---------|-----------------|
| alg_none | `"alg": "none"` |
| alg_None | `"alg": "None"` |
| alg_NONE | `"alg": "NONE"` |
| alg_nOnE | `"alg": "nOnE"` |
| empty_sig | No signature segment |
## Severity Classification
- **CRITICAL**: Any none-algorithm token accepted by server
- **INFO**: All forged tokens rejected
## Dependencies
```
pip install requests # optional, for endpoint testing
```
Reference in New Issue View Git Blame Copy Permalink