GitHub - Sjord/jwtdemo: Practice hacking JWT tokens

Vulnerable JWT implementations

Demo pages:

Attacks:

Change the algorithm from HS256 to none.
Change the algorithm from RS256 to HS256, and use the public key as the secret key for the HMAC.
Crack the HMAC key using John the Ripper.

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.gitignore		.gitignore
.htaccess		.htaccess
FirebaseRS256.php		FirebaseRS256.php
MishalHS256.php		MishalHS256.php
README.md		README.md
base.php		base.php
common.php		common.php
composer.json		composer.json
composer.lock		composer.lock
hs256.php		hs256.php
private.pem		private.pem
public.pem		public.pem
publickeyhs256.php		publickeyhs256.php
rs256.php		rs256.php