Course

In this lab, you will learn how to exploit a weakness in JSON Web Token (JWT) that is used for authentication in web applications. The JWT consists of three parts: Base64 encoded header, data, and signature. The header contains information about the security mechanisms used, such as the algorithm for the signature. By changing the algorithm to "None," an attacker can tamper with the token and bypass authentication mechanisms.

The exercise guides you through creating a user account, inspecting the token, and modifying it to gain admin access. Using a proxy tool like Burp Suite, you will intercept the HTTP traffic, decode the JWT, and alter its content. The vulnerability arises because the server does not validate the presence of a signature when the algorithm is set to "None," allowing attackers to provide an empty signature and gain unauthorized access.