After "secret" is encoded in Base64, the key cannot be cracked.

[hcjcn]

After generating a JWT using the key 123456, when the secret is encoded in Base64, the key cannot be cracked.

https://jwt.io

==========
python jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.keH6T3x1z7mmhKL1T3r9sQdAxxdzB6siemGMr_6ZOwU -C -d jwt.secrets.list
Version 2.2.7 ______| @ticarpi

Original JWT:

[+] 123456 is the CORRECT key!

=============
python jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.vNLdd89sam3Y-KyxQvXMuwGOhSi3peu4Gy5V5_FEYy8 -C -d jwt.secrets.list

Version 2.2.7 ______| @ticarpi

Original JWT:

[-] Key not in dictionary

[BreakfastSerial]

Wait, are you saying you used 123456 as the key in the first example and MTIzNDU2 (base64 of 123456) as the key in the second example?

Seems like you're using the wordlist jwt.secrets.list; does that contain both these keys or are you expecting the tool to check all keys and the base64 encoded version of all keys from the wordlist?