FIRST ! I am appreciative of all the JWT attack coverage.

One possible way is also in Burp Suite -> JSON Web Token -> Attack -> Sign with Empty Key -> Send to /admin.

hey bro it seems my jwt editor extension is not working. whenever i try to resign with the key i generated it just doesnt get resigned. i found another way to solve this.

I have one Jwt token.. It was free token... And and i need to modify that to vip token... Is this possible to edit??? If signature changed the server said token not provided in return response

I've figured that out why it says 302. It's because of `?id=weiner` . You need to remove it and send the request. Or You have to directly send the request to /admin