00 — Overview

JWT Attacks — Forge Your Identity

Log in, capture your token, decode it, change your role to admin, and forge a valid signature. The full JWT attack chain — no terminal, just the Interceptor and Encoder.

Intermediate·45 min·6 tasks

// By the end of this module

→Use an intercepting proxy to capture and modify JWT tokens live

→Apply JWT attack techniques against a real banking application

→Escalate privileges by modifying the "role" or "admin" JWT claim

→Combine JWT forgery with other vulnerabilities for full compromise

// Prerequisites

Authentication · Intermediate

JWT Attacks

40 min

→

Tools · Beginner

Burp Suite — The Hacker's Proxy

60 min

→