kaka77
diff --git a/‎.gitbook/assets/image (435).png‎
6.69 KB b/‎.gitbook/assets/image (435).png‎
6.69 KB
diff --git a/‎pentesting-web/hacking-jwt-json-web-tokens.md‎
Lines changed: 19 additions & 1 deletion b/‎pentesting-web/hacking-jwt-json-web-tokens.md‎
Lines changed: 19 additions & 1 deletion
@@ -1,7 +1,25 @@
 # JWT Vulnerabilities \(Json Web Tokens\)
 
 **Part of this post was taken from:** [**https://github.com/ticarpi/jwt\_tool/wiki/Attack-Methodology**](https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology)  
-**Author of the great tool to pentest JWT** [**https://github.com/ticarpi/jwt\_tool**](https://github.com/ticarpi/jwt_tool)\*\*\*\*
+**Author of the great tool to pentest JWTs** [**https://github.com/ticarpi/jwt\_tool**](https://github.com/ticarpi/jwt_tool)
+
+## **Quick Wins**
+
+Run [**jwt\_tool**](https://github.com/ticarpi/jwt_tool) ****with mode `All Tests!` and wait for green lines
+
+```bash
+python3 jwt_tool.py -M at -t "https://api.example.com/api/v1/user/76bab5dd-9307-ab04-8123-fda81234245" -rh "Authorization: Bearer eyJhbG...<JWT Token>"
+```
+
+If you are lucky the tool will find some case where the web application is correctly checking the JWT:
+
+![](../.gitbook/assets/image%20%28435%29.png)
+
+Then, you can search the request in your proxy or dump the used JWT for that request using jwt\_ tool:
+
+```bash
+python3 jwt_tool.py -Q "jwttool_706649b802c9f5e41052062a3787b291"
+```
 
 ## Tamper data without modifying anything