Book Your API Security Demo Now
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
JWT Security Automated
JWT Heartbreaker is a Burp extension designed to find thousands of weak secrets automatically. This extension will automatically find JWT tokens in all the proxied HTTP requests and check for any secrets weaknesses. The extension is available under a GPL license, which is based on the extension JSON Web Tokens (JWT4B).
%201.svg){kind=small}
Features
Thousands of weak secrets detected
Automatically identifies JWT vulnerabilities at scale.
Automatic token discovery
Finds all JWT tokens in proxied requests.
Burp Suite integration
Seamlessly extends Burp Suite security testing capabilities.
HTTP proxy support
Works with all proxied HTTP traffic.