SOFTWARE DEVELOPMENT TO AUTOMATE JWT TESTING
DOI:
https://doi.org/10.30890/2567-5273.2023-29-01-074
Keywords:
JWT, JSON Web Token, testing automation, vulnerabilities, stateful cookie, stateless cookie, JwtTester, JSON Web Tokens, jwtcat, jwt_tool, jwtXploiter, JwtCracker.
Abstract
The article discusses JSON Web Token, a relatively "young" but popular technology that is mainly used to track user sessions. The goal of this work is to create an intuitive software tool that can automate JWT testing. To accomplish this task, we conducte
License
Copyright (c) 2023 Authors
This work is licensed under a Creative Commons Attribution 4.0 International License.