3 Videos for JWT Algorithm Confusion

Tier: PRO
Difficulty: Medium
Duration: 1-2 Hrs.
Users completed: 3728
Badge: Yellow Badge

Access to videos for this exercise is only available with PentesterLab PRO.

JWT II: Introduction

This video introduces the JWT II exercise on PentesterLab, focusing on the JWT (JSON Web Token) format and its components—Header, Payload, and Signature. It also explains the difference between encryption and signature, and demonstrates a practical attack on JWTs due to improper algorithm handling.

Duration: 05:15 | Views: 5445

JWT II: Exploitation

In this video, we delve into the exploitation of JSON Web Tokens (JWT) in a practical exercise. By manipulating JWTs, we demonstrate how to change user roles and gain unauthorized access using HMAC and RSA algorithms.

Duration: 11:40 | Views: 7325

JWT II: Exploitation in Python 2 and 3

In this video, we explore the process of exploiting JWTs using Python 2 and 3. The exercise demonstrates how to manipulate a JWT to gain unauthorized access by altering the token's payload and re-signing it with a different algorithm.

Duration: 08:30 | Views: 4243