offensive-jwt

Skill | Workflow | Community
v0.0.0 | 5urg3on | License: Unknown | Updated 1mo ago

JWT attack methodology for penetration testers. Covers algorithm confusion (alg:none, RS256→HS256), weak HMAC secret brute force, kid parameter injection (SQLi, path traversal), jku/x5u/jwk header injection, JWKS cache poisoning, JWS/JWE confusion, timing attacks, and mobile JWT storage extraction.

Community-submitted skill. Not yet reviewed by the Forge team. Full prompt content may not be available.
Clients: 1
Formats: 1
Last update: 1mo ago
Skill
Author: 5urg3on
Version: 0.0.0
License: Unknown
Category: Workflow
Formats: skill.md
Prompt: Open (see Prompt tab)
Compatibility
Claude: ✓ Supported
Cursor
Copilot
ChatGPT
Gemini
About

JWT attack methodology for penetration testers. Covers algorithm confusion (alg:none, RS256→HS256), weak HMAC secret brute force, kid parameter injection (SQLi, path traversal), jku/x5u/jwk header injection, JWKS cache poisoning, JWS/JWE confusion, timing attacks, and mobile JWT storage extraction. Use when testing JWT-based authentication, hunting auth bypass via token manipulation, or evaluating

Keywords
skill, claude