jwt_tool

Workflow

Step

Description

Recon

Decode the token to see what's in it

Scan

Run a Playbook Scan against the app to check for common misconfigurations

Exploit

Exploit any identified vulnerability

Fuzz

Check for unexpected values and claims to identify unexpected app behaviours

Review

Check the logs of any successful exploitation

jwt_tool.py <token>

jwt_tool.py -rh "Authorization: Bearer eyJ...<SNIP>...2Tw"  -t http://127.0.0.1:8888/identity/api/v2/user/dashboard -M pb

jwt_tool -C -d /usr/share/wordlists/rockyou 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InRlc3QifQ==.BmzWWVFXmJsqH7K9dTxCyCopRB0HHFvCYKCfwW+8We4='

Resources

GitHub - ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web TokensGitHub

PreviousArjun NextApplications

Last updated 11 months ago

Was this helpful?