JWT Hacks

Remaining attacks

https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens https://www.youtube.com/watch?v=VA1g7YV8HkI https://gowthamaraj-rajendran.medium.com/all-about-jwt-attacks-tools-included-8841c0a48b34 https://medium.com/@musab_alharany/10-ways-to-exploit-json-web-token-jwt-ac5f4efbc41b https://zerodayhacker.com/hacking-jwt-json-web-token-part-2/ https://portswigger.net/web-security/jwt/algorithm-confusion https://github.com/ticarpi/jwt_tool/blob/master/README.md https://github.com/ticarpi/jwt_tool/wiki https://github.com/ticarpi/jwt_tool/wiki/Using-jwt_tool https://github.com/ticarpi/jwt_tool/wiki/Known-Exploits-and-Attacks https://portswigger.net/web-security/jwt https://github.com/ticarpi/jwt_tool/wiki/Known-Exploits-and-Attacks https://nav7neeet.medium.com/jwt-key-confusion-attack-part1-556c2db4f148

Resources

https://blog.pentesteracademy.com/hacking-jwt-tokens-bruteforcing-weak-signing-key-johntheripper-89f0c7e6a87 Locktalk: https://crypto-cat.gitbook.io/ctf-writeups/2024/cyber_apocalypse_24/web/locktalk https://ctftime.org/writeup/38742

PreviousTypes of authNextThe JWT Crack Attack

Last updated