JSON Web Tokens
How to exploit JSON Web Tokens.
JWT Tool is great for finding issues in JSON Web Tokens. It will help to identify the following issues:
JWT uses HS256 signing algorithm
JWT contains sensitive data
JWT does not expire
JWT permits a NULL signature
RS256 to HS256 algorithm confusion
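A defensive check for the issues listed above, as an added example that is not part of the original page or of JWT Tool: it decodes a token without verifying it and reports which of those conditions apply. The function names, the sensitive-key list and the sample token are assumptions constructed for illustration.

```python
import base64, json, time

# Assumed list of claim names worth flagging; tune it for your application.
SENSITIVE_KEYS = {"password", "passwd", "secret", "ssn", "credit_card", "api_key"}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def audit_jwt(token, now=None):
    """Return findings for a compact JWT. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected header.payload.signature"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["malformed: header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed: header and payload must be JSON objects"]
    findings = []
    alg = str(header.get("alg", "")).lower()
    if alg == "hs256":
        findings.append("HS256: one shared secret signs and verifies; it must be long and random")
    if alg in ("", "none") or parts[2] == "":
        findings.append("unsigned: alg is none or the signature is empty; verifiers must reject it")
    if alg == "rs256":
        findings.append("RS256: verifier must pin the algorithm, never trust the header's alg")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("no exp claim: the token never expires")
    elif exp < (time.time() if now is None else now):
        findings.append("expired")
    leaked = sorted(k for k in claims if k.lower() in SENSITIVE_KEYS)
    if leaked:
        findings.append("sensitive claims readable by any holder: " + ", ".join(leaked))
    return findings

def make_sample(header, claims, sig=b"constructed-not-a-real-mac"):
    """Build a constructed sample token; the signature bytes are filler."""
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(claims), b64url_encode(sig)])

if __name__ == "__main__":
    weak = make_sample({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "password": "hunter2"})
    for finding in audit_jwt(weak):
        print("-", finding)
```
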
Use the following hashcat command to crack the secret used to sign a JWT (hashcat mode 16500).
hashcat.exe -m 16500 /JWT.txt rockyou.txt --backend-ignore-cuda
JWT.txt should contain your JWT.
Various password wordlists can be used. rockyou.txt is one example.