How to perform Authenticated Website Scan with JWT

You can do this by using the custom HTTP headers authentication method
Written by Victor Pisarciuc
Updated 2 months ago

Paste the session token in the Headers field, on the same line, after writing “Authorization: Bearer”. The textbox formatting may make it look like a new line, but it is a single line. The input should look like this:

Authorization: Bearer [paste the session token, without brackets]

Performing authenticated website vulnerability scan with JWT using the Pentest-Tools.com custom HTTP headers authentication method

The “Check authentication” option is currently disabled for the Headers method. Press the “Start scan” button; an authentication check will be made during the scan.
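Because the authentication check only happens once the scan is running, it helps to validate the pasted value first. The following is an added example, not Pentest-Tools.com code: it collapses a wrapped or prefixed paste into the single header line and rejects a token that is malformed or close to expiry. The function names, the one-hour minimum lifetime and the sample token are assumptions made for the illustration, and the signature is not verified.

```python
import base64, json, time
from typing import Optional

def _b64url_json(segment: str) -> dict:
    # JWT segments are unpadded base64url; restore padding before decoding.
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj

def build_auth_header(pasted: str, min_lifetime_s: int = 3600,
                      now: Optional[float] = None) -> str:
    """Return the one-line value for the Headers field, or raise ValueError."""
    token = pasted.strip().strip("\"'")
    if token.lower().startswith("bearer "):   # prefix copied along with the token
        token = token[7:]
    token = "".join(token.split())            # drop line breaks picked up by the paste
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three dot-separated JWT segments")
    _b64url_json(parts[0])                    # header must decode to a JSON object
    exp = _b64url_json(parts[1]).get("exp")   # expiry claim, seconds since epoch
    if isinstance(exp, (int, float)):
        remaining = exp - (time.time() if now is None else now)
        if remaining < min_lifetime_s:        # assumed minimum, tune to scan length
            raise ValueError(f"token lifetime left is {int(remaining)}s, below the minimum")
    return "Authorization: Bearer " + token

def make_sample_token(exp: int) -> str:
    # Constructed sample only: placeholder signature, not a real session token.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}),
                     enc({"sub": "scan-user", "exp": exp}), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    sample = make_sample_token(int(time.time()) + 7200)
    wrapped = "Bearer " + sample[:30] + "\n" + sample[30:]   # simulated wrapped paste
    print(build_auth_header(wrapped))
```
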