Ctrlk

JWT Tokens

Format

JWT tokens will be denoted by alpha numeric stings broken up by two . characters.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InR5bGVyXzdjMDc3NzBmZDciLCJpYXQiOjE2NjQyODc1ODV9.bxi-fAIhRRRuZyP7qZTSIuuSEl8qHwZal86C-JCFMPg

Decode the JWT and see what data it stores at:
https://jwt.io/

JWT Tool

Offers an automated way to test JWT tokens and how the site is using them, looks for common vulns

Install

Usage

PreviousWeb Servers NextAdobe Coldfusion

Last updated 3 years ago

python3 jwt_tool.py -M at -t "http://104.248.162.85:31635/" -rh "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InR5bGVyXzdjMDc3NzBmZDciLCJpYXQiOjE2NjQyODc1ODV9.bxi-fAIhRRRuZyP7qZTSIuuSEl8qHwZal86C-JCFMPg"