jwt-attack-methodology

Official

Decode, crack, and escalate JWT weaknesses.

Author: wgpsec
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

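JWT attack methodology. Use it when a string beginning with eyJ appears in a response header or Cookie, when an Authorization: Bearer token is present, when an API returns a token/access_token field, or when a Flask session cookie (a base64-encoded Cookie beginning with eyJ) is seen. It covers the alg:none bypass, weak-key brute forcing (the full hashcat/john/c-jwt-cracker/jwt_tool/flask-unsign toolchain), claims tampering for privilege escalation, RS256->HS256 algorithm confusion, kid injection (SQL/path traversal/command injection), and jku/x5u replacement. This skill should be used whenever any Cookie or token beginning with eyJ is found.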

Core Features & Use Cases

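  • Phase 1: Obtain and decode the JWT: log in to obtain a token, then use the jwt_decode tool to decode the Header, Payload, signature algorithm, and so on.
  • Phase 2-6: Attack vector set: none-alg, weak-key brute forcing, claims tampering, RS256→HS256, kid injection, jku/x5u replacement.
  • Reference: see references/jwt-advanced.md for more payloads and scripts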

Quick Start

Analyze a target's JWT flow by decoding tokens and iteratively applying none-alg, weak-key brute force, claims tampering, RS256→HS256 confusion, and jku/x5u injections using the provided references.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: jwt-attack-methodology
Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#jwt-attack-methodology

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.