【笔记】JWT密钥爆破

前言

A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble :)(Github

下载依赖

  • OpenSSL
1
brew install openssl

下载项目

1
2
git clone https://github.com/brendan-rius/c-jwt-cracker.git
cd c-jwt-cracker

编译

MacOS

OPENSSL=:指定OpenSSL的include目录
OPENSSL_LIB=:指定OpenSSL的lib目录

1
make OPENSSL=/opt/homebrew/Cellar/openssl@3/3.3.1/include OPENSSL_LIB=-L/opt/homebrew/Cellar/openssl@3/3.3.1/lib

JWT密钥爆破

<jwt>:被爆破密钥的JWT字符串

1
./jwtcrack <jwt>

完成

参考文献

哔哩哔哩——xiaodisec