SOFTWARE DEVELOPMENT TO AUTOMATE JWT TESTING

Authors

  • Maksym-Mykola Posuvailo, Lviv Polytechnic National University

DOI:

https://doi.org/10.30890/2567-5273.2023-29-01-074

Keywords:

JWT, JSON Web Token, testing automation, vulnerabilities, stateful cookie, stateless cookie, JwtTester, JSON Web Tokens, jwtcat, jwt_tool, jwtXploiter, JwtCracker.

Abstract

The article discusses JSON Web Token, a relatively "young" but popular technology that is mainly used to track user sessions. The goal of this work is to create an intuitive software tool that can automate JWT testing. To accomplish this task, we conducte

Published

2023-10-30

How to Cite

Посувайло, М.-М. (2023). SOFTWARE DEVELOPMENT TO AUTOMATE JWT TESTING. Modern Engineering and Innovative Technologies, 1(29-01), 133–138. https://doi.org/10.30890/2567-5273.2023-29-01-074

Section

Articles