Andrea Tedeschi edited this page Jan 18, 2021 · 9 revisions

What is jwtXploiter

jwtXploiter is a tool I wrote to make my life easier when testing the security of JSON Web Tokens. It supports the exploitation of a lot of known vulnerabilities related to JWTs, from the basic "None alg" attack to jku and x5u header injection. Of course, even if this tool does a lot of stuff for you, using it requires knowledge of what you are doing. At the time of writing, the tool is still in beta, so you could run into unhandled errors. Opening issues will be appreciated.

Index