
A powerful plugin for Caido that automatically detects, analyzes, and helps security professionals test JSON Web Tokens (JWTs)
JWT Analyzer is a comprehensive security tool designed for penetration testers and web application security professionals. It seamlessly integrates with Caido to provide real-time detection, analysis, and testing capabilities for JSON Web Tokens found in web traffic.
## Features

### Automatic Token Detection & Analysis
- Real-time JWT Detection: Automatically identifies and captures JWT tokens in requests and responses
- Token Security Analysis: Evaluates token security including algorithm strength, signature validation, and claims verification
- Vulnerability Detection: Identifies common JWT security issues like missing claims, weak algorithms, and token tampering opportunities
### Comprehensive Dashboard
- JWT Summary Statistics: Get at-a-glance view of all detected tokens and critical security issues
- Algorithm Distribution: Visual breakdown of JWT signing algorithms used across the application
- Filterable Token List: Sort and filter tokens by severity, algorithm, or source
### Advanced JWT Decoder
- Visual Token Breakdown: See color-coded header, payload, and signature sections
- Expiration Verification: Visual indicators for token validity status
- Interactive Claims Explorer: Browse through standard and custom claims with detailed explanations
### Security Testing Tools
- JWT Token Editor: Manipulate token content and sign with different algorithms
- Attack Simulation Tools: Ready-to-use attacks including algorithm switching, 'none' algorithm, and key injection
- Key Management: Generate, import and use custom keys for token signing
### Detailed Token Analysis
- Security Risk Assessment: Detailed explanations of token risks and exploitability
- Claims Validation: Verify critical security claims like 'exp', 'nbf', 'iss', and 'aud'
- Export Capabilities: Save findings for security reports in different formats
### Educational Resources
- Built-in Documentation: Comprehensive help section with JWT security best practices
- Testing Workflows: Step-by-step guides for common JWT security testing scenarios
- References: Links to common JWT vulnerabilities and CVEs
## Installation

1. Open Caido
2. Navigate to Settings > Plugins
3. Click the Plugin Store tab
4. Search for "JWT Analyzer"
5. Click Install
## Usage

### Detecting Tokens

1. Start capturing traffic in Caido
2. Browse through the application while Caido records traffic
3. JWT Analyzer will automatically detect JWT tokens in requests and responses
4. Detected tokens will appear in the JWT Analyzer dashboard

### Analyzing Tokens

1. Click on any token in the dashboard to view details
2. Check the security assessment and identified risks
3. Review token claims and validate expiration status

### Testing Tokens

1. Send a token to the JWT Editor using the "Send to Editor" button
2. Modify claims or header parameters
3. Try different attacks like algorithm switching or signature stripping
4. Use the modified token in your requests to test for vulnerabilities
| Attack | Description |
|---|---|
| Algorithm Confusion | Switch RS256 to HS256 and use the public key as the HMAC secret |
| None Algorithm Attack | Change the algorithm to 'none' and remove the signature |
| Key ID (kid) Manipulation | Modify the 'kid' parameter to point to a different key |
| Claim Tampering | Modify role claims or user identifiers to test authorization controls |
Complete documentation is available within the plugin under the Help & Docs tab.
JWT Analyzer is actively maintained. Updates may include new features, additional attack vectors, and improved token analysis.
If you encounter any issues or have suggestions for improvements, please report them on our GitHub repository.
This project is licensed under the MIT License - see the LICENSE file for details.
Made with ❤️ by Amr Elsagaei for the Caido and security community