I Built JWTLens: A Burp Suite Extension to Detect JWT Security Weaknesses

chawda mrunal — Thu, 19 Mar 2026 05:58:42 +0000

JWTs are everywhere.

They power authentication, session handling, API access, and secure communication across modern web applications. But JWT implementations are often misunderstood, misconfigured, or only partially validated. That is exactly where security issues start.

I built JWTLens, an open-source Burp Suite extension for JWT security testing, to help security engineers, pentesters, and bug bounty hunters inspect, analyze, and test JWTs faster.

Repo URL

What JWTLens does

JWTLens helps you analyze JWTs during security testing and spot common weaknesses such as:

algorithm confusion
signature bypass attempts
weak validation logic
header manipulation
missing or inconsistent claims checks
passive JWT exposure in requests

Instead of manually decoding tokens and switching between tools, JWTLens brings JWT analysis directly into your Burp Suite workflow.

Why JWT security still matters

A JWT is only as strong as the validation around it.

Even when a token looks signed and valid, the application may still be vulnerable if it:

trusts the wrong algorithm
fails to verify claims properly
accepts tampered headers
assumes signature validation is enough
exposes sensitive data in the payload

That is why JWT testing is still a valuable part of application security assessments.

A Complete Guide to Securing Secrets in AWS Lambda

chawda mrunal — Mon, 14 Apr 2025 05:32:35 +0000

A security-focused walkthrough on managing secrets in AWS Lambda. Learn the real risks of using environment variables and how to secure them using AWS KMS, Secrets Manager, and Parameter Store. Built on AWS best practices and real examples.

https://medium.com/bugbountywriteup/a-complete-guide-to-securing-secrets-in-aws-lambda-35304a133592

Forem: chawda mrunal

I Built JWTLens: A Burp Suite Extension to Detect JWT Security Weaknesses

A Complete Guide to Securing Secrets in AWS Lambda