jwt_tool
Workflow
| No | Step | Description |
|----|------|-------------|
| 1 | Recon | Decode the token to see what's in it |
| 2 | Scan | Run a Playbook Scan against the app to check for common misconfigurations |
| 3 | Exploit | Exploit any identified vulnerability |
| 4 | Fuzz | Check for unexpected values and claims to identify unexpected app behaviours |
| 5 | Review | Check the logs of any successful exploitation |
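Step 1 (Recon) amounts to base64-decoding the header and payload segments. The following is an added example, not part of the original page or of jwt_tool: it decodes the sample token used in this page's commands and lists what a reviewer would flag from the decoded fields alone. The function names are assumptions, and no signature is verified.

```python
import base64
import json

# Added example. Sample token copied from this page's jwt_tool -C command.
SAMPLE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                "eyJ1c2VybmFtZSI6InRlc3QifQ==."
                "BmzWWVFXmJsqH7K9dTxCyCopRB0HHFvCYKCfwW+8We4=")


def b64_segment(segment):
    """Decode one JWT segment, accepting base64url or standard base64, padded or not."""
    normalized = segment.rstrip("=").replace("+", "-").replace("/", "_")
    normalized += "=" * (-len(normalized) % 4)
    return base64.urlsafe_b64decode(normalized)


def decode_token(token):
    """Return (header, payload, signature_bytes) without verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments (JWS compact form)")
    header = json.loads(b64_segment(parts[0]))
    payload = json.loads(b64_segment(parts[1]))
    return header, payload, b64_segment(parts[2])


def review_token(token):
    """List the points a reviewer would raise from the decoded token alone."""
    header, payload, signature = decode_token(token)
    findings = []
    alg = str(header.get("alg", "")).lower()
    if alg in ("", "none"):
        findings.append("alg is missing or 'none': token is unsigned")
    elif alg.startswith("hs"):
        findings.append("HMAC algorithm: integrity depends on the strength of the shared secret")
    if not signature and alg not in ("", "none"):
        findings.append("signature segment is empty")
    if "exp" not in payload:
        findings.append("no exp claim: token never expires")
    if any(c in token for c in "=+/"):
        findings.append("segments are not unpadded base64url as RFC 7515 requires")
    return findings


if __name__ == "__main__":
    header, payload, _ = decode_token(SAMPLE_TOKEN)
    print(header, payload)
    for finding in review_token(SAMPLE_TOKEN):
        print("-", finding)
```

The sample token is padded and uses the standard base64 alphabet, so a strict base64url decoder would reject it; the helper normalizes both forms before decoding.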
```bash
jwt_tool.py <token>
jwt_tool.py -rh "Authorization: Bearer eyJ...<SNIP>...2Tw" -t http://127.0.0.1:8888/identity/api/v2/user/dashboard -M pb
jwt_tool -C -d /usr/share/wordlists/rockyou 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InRlc3QifQ==.BmzWWVFXmJsqH7K9dTxCyCopRB0HHFvCYKCfwW+8We4='
```

Resources