Skip to content

🎉 Welcome! Enjoy your reading, and I hope you will learn something new.

N£utr0nys Notes Blog About

Archives
Glossary
Experiences
My CV

CTRL K

CTRL K

Notes
Blog
- FCSC 2026 - Crypto Write-Ups
- A new journey
About
More
More
About Me
Archives

Binary Exploitation
Cryptography
CTF Archives
Forensics
Hardware
OSINT
Reverse Engineering
Science
Steganography
System
Web Exploitation
More
About Me
Archives

On this page

Tools
Online
GitHub
Challenges
Portswigger
Cryptohack
Resources

View this page on GitHub →

Web Exploitation

JSON Web Token

JSON Web Token (JWT)

Tools

Online

JSON Web Tokens - jwt.io

GitHub

jwt_tool
rsa_sign2n: Deriving RSA public keys from message-signature pairs

Challenges

Portswigger

JWT authentication bypass via unverified signature
JWT authentication bypass via flawed signature verification
JWT authentication bypass via weak signing key
JWT authentication bypass via JWK header injection
JWT authentication bypass via JKU header injection
JWT authentication bypass via KID header path traversal
JWT authentication bypass via algorithm confusion
JWT authentication bypass via algorithm confusion with no exposed key

Cryptohack

CryptoHack – Crypto on the Web challenges

Resources

JWT Vulnerabilities (Json Web Tokens) - HackTricks
JWT attacks | Web Security Academy
PayloadsAllTheThings/JSON Web Token

Last updated on May 12, 2026

GraphQL Open Redirect

Powered by Hextra

© 2026 N£utr0nys