GitHub6y
Collection of scripts that aid in penetration testing of JSON Web Tokens
Used to perform a threaded dictionary attack against the secret keyword of HS256 signed tokens usage: JWTCrack.py [-h] [-a {HS256,HS384,HS512}] [-t THREADS] encoded_jwt wordlist ===== JWTCrack (c)2018 ...
GitHub7y
A sample JWT web app that can be use to demonstrate how to escalate permissions by cracking and forging JWT tokens
This is a simple application where you can login as a user with normal privileges (so normal that you can't do anything!) and by hacking the session id (which is a simple JWT) you should try to ...