Welcome to the repository accompanying the project on Broken Access Control. This project explores access control vulnerabilities in web applications, including Insecure Direct Object References (IDOR) and weak JWT (JSON Web Token) implementations, and provides detailed mitigation strategies.

• About the Project
• Features
• Installation
• Usage
• Exploitation Demonstrations
  • JWT Token Vulnerabilities
  • IDOR Weaknesses
• Security Enhancements
• Directory Structure
• Contributing
• License

This repository is a companion to a security research project focusing on Broken Access Control, a leading cause of web application vulnerabilities as highlighted by the OWASP Top 10. The project demonstrates the exploitation of improperly secured systems and presents actionable recommendations to enhance security.

⚠️ This repository is intended for educational purposes only. The vulnerable implementation and demonstration tools should not be used in production environments.

• Demonstrates key vulnerabilities:
  • Weak JWT token validation and signature implementation.
  • Exploitable IDOR vulnerabilities.
• Implements secure practices to mitigate vulnerabilities:
  • Robust token signing and validation.
  • Proper authorization checks.
  • Strong encryption and secure communication protocols.
• Provides an educational platform for developers, students, and security professionals.

• Node.js: Make sure Node.js is installed on your system. Download it here.
• npm: Comes bundled with Node.js.

1. Clone the repository:

   git clone https://github.com/your-username/broken-access-control.git
   cd broken-access-control

2. Install dependencies:

   npm install

3. Run the application:

   node server.js

4. Access the application: Open your browser and navigate to http://localhost:3000.

• Ensure Burp Suite is installed for testing and intercepting HTTP requests.
• Use the provided vulnerable application to test attacks like:
  • JWT manipulation for privilege escalation.
  • URL parameter tampering for IDOR exploitation.

The vulnerable implementation of JWT tokens in this project:

• Uses an empty secret key for token signing.
• Does not validate token signatures, allowing easy forgery.

To exploit:

1. Log in as a standard user and intercept the JWT token.
2. Modify the token payload using tools like Burp Suite or jwt.io.
3. Escalate privileges by altering the role claim to admin.

The IDOR vulnerability allows unauthorized access to sensitive user data:

1. Authenticate as a standard user.
2. Modify the userId parameter in the URL to access data belonging to other users.

The repository includes a secure implementation of the system, addressing the demonstrated vulnerabilities:

• Secure JWT signing and verification.
• Ownership validation for user-specific resources.
• AES-256 encryption for sensitive data.
• Rate limiting and session expiration for authentication.

To explore the secure implementation, switch to the secure branch:

git checkout secure

.
├── certificates/
│   ├── certificate.pem
│   └── private.key
├── node_modules/
├── public/
│   ├── index.html
│   ├── script.js
│   ├── style.css
│   └── server.js.bak
├── server.js
├── README.md
└── package.json

• server.js: Implements the server, including authentication and API endpoints.
• public/: Contains the front-end files (HTML, CSS, JavaScript).
• certificates/: Stores SSL/TLS certificates for secure communication.

Contributions are welcome! If you’d like to improve this project, feel free to:

1. Fork the repository.
2. Create a new branch for your feature or fix.
3. Submit a pull request with a clear description of your changes.

This project is licensed under the MIT License. See the LICENSE file for details.