coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [#3333] No subject

Browse Source
This commit is contained in:
CPol 2022-07-22 12:41:11 +00:00 committed by gitbook-bot
parent 3506ce5828
commit 7d989441f5
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pentesting-web/hacking-jwt-json-web-tokens.md
View File

@ -30,7 +30,9 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
Run [**jwt\_tool**](https://github.com/ticarpi/jwt\_tool) with mode `All Tests!` and wait for green lines
```bash
python3 jwt_tool.py -M at -t "https://api.example.com/api/v1/user/76bab5dd-9307-ab04-8123-fda81234245" -rh "Authorization: Bearer eyJhbG...<JWT Token>"
python3 jwt_tool.py -M at \
-t "https://api.example.com/api/v1/user/76bab5dd-9307-ab04-8123-fda81234245" \
-rh "Authorization: Bearer eyJhbG...<JWT Token>"
```
If you are lucky the tool will find some case where the web application is correctly checking the JWT: