A hands-on lab for learning about JWT (JSON Web Token) vulnerabilities and how to exploit them.
This lab consists of:
- A Node.js backend API with intentional JWT vulnerabilities
- A MongoDB database for user storage
- A simple web frontend for interacting with the vulnerable API
This lab demonstrates the following JWT vulnerabilities:
- Weak Secret Key
- 'None' Algorithm Attack
- Algorithm Confusion Attack
- Missing Signature Validation
- JWT Secret Disclosure
Requirements:
- Docker
- Docker Compose
Setup:
- Clone this repository:

  ```bash
  git clone https://github.com/lawbyte/jwt-lab
  cd jwt-vulnerability-lab
  ```

- Start the lab environment:

  ```bash
  docker-compose up -d
  ```

- Access the web application at http://localhost:8200
- The API is accessible directly at http://localhost:3000
The lab is pre-configured with two users:
- Regular user: `user` / `userpassword`
- Admin user: `admin` / `adminpassword`
- Register a new user or log in with one of the default users
- Obtain a JWT token through the login process
- Use the token to access protected endpoints
- Analyze the token for vulnerabilities
- Craft exploits for each vulnerability
- Test your exploits against the vulnerable endpoints
Endpoints:
- `/api/login`: Standard login endpoint (weak secret vulnerability)
- `/api/none-alg`: Vulnerable to 'none' algorithm attacks
- `/api/alg-confusion`: Vulnerable to algorithm confusion attacks
- `/api/missing-validation`: Vulnerable to signature tampering
- `/api/debug`: Leaks JWT secret
- `/api/secure`: Properly secured endpoint (for comparison)
- `/api/admin`: Admin-only endpoint (privilege escalation target)
Refer to the `solution.md` file for detailed explanations of each vulnerability, exploitation techniques, and recommended fixes.
This lab is for educational purposes only. The vulnerabilities demonstrated here should never be implemented in production systems.
This project is licensed under the MIT License - see the LICENSE file for details.