Paste a JWT to decode its header and payload, check for alg:none and weak signing secrets, then edit claims and re-sign or export an unsigned token.