JWT Token
Structure
https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-structure
Debugger
Best online tool is https://token.dev JWT debugger.
JWT Tool
https://github.com/ticarpi/jwt_tool
https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology
Signature Verification Attacks
Algorithm None Bypass
HS256 - HMAC secret cracking
RS256 - Find public Key
Searching public key for cracking the primary key
https://github.com/ticarpi/jwt_tool/wiki/Finding-Public-Keys
Last updated