search

blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.12k stars 78 forks source link

Active Test / JWT Token #71

Open DeliciousBounty opened 2 years ago

DeliciousBounty commented 2 years ago

We are looking for contributors!

JWT attacks involve a user sending modified JWTs to the server to accomplish a malicious goal. Typically, the goal is to circumvent authentication and access controls by impersonating another authenticated user. This active check simulates a real attack based JWT token on the API. Fore more info: https://portswigger.net/web-security/jwt https://infosecwriteups.com/attacks-on-json-web-token-jwt-278a49a1ad2e https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens

aayush-vish commented 2 years ago

Wanted to Work on this Issues

DeliciousBounty commented 2 years ago

Hey @aayush-vish ! Great, this active test is still available. You can join us on our discord server if you have any question :) https://discord.gg/nswBjZRt

DeliciousBounty commented 2 years ago

Hello @aayush-vish , do you need any help for this issue?