There are a total of 8 PortSwigger JWT labs, which are an excellent resource for a deep dive into JWT attacks. The aim of each lab is to delete the user Carlos through the admin panel by forging a JWT. We'll discover different ways of forging these tokens as we work through the labs.

11 min read, from systemweakness.com
Table of contents

Deep dive into JWT attacks
Lab 1: JWT authentication bypass via unverified signature
Lab 2: JWT authentication bypass via flawed signature verification
Lab 3: JWT authentication bypass via weak signing key
Lab 4: JWT authentication bypass via jwk header injection
Lab 5: JWT authentication bypass via jku header injection
Lab 6: JWT authentication bypass via kid header path traversal
Lab 7: JWT authentication bypass via algorithm confusion
Lab 8: JWT authentication bypass via algorithm confusion with no exposed key
