JSON Web Tokens
JSON Web Tokens (JWT4B) lets you decode and manipulate JSON web tokens on the fly, check their validity and automate common attacks.
- Automatic recognition
- JWT Editor
- Resigning of JWTs
- Signature checks
- Automated attacks available such as "Alg None" & "CVE-2018-0114"
- Validity checks and support for 'expires', 'not before', 'issued at' fields in the payload
- Automatic tests for security flags in cookie-transmitted JWTs
| Author | Oussama Zgheb & Mathias Vetsch |
| Last updated | 19 February 2021 |
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.