2 Videos for JSON Web Token None Algorithm

Tier: PRO. Difficulty: Easy. Duration: < 1 Hr. Completed by 9997 users. Badge: White Badge.
JWT: Introduction

In this exercise, we cover a vulnerability in JSON Web Token (JWT) discovered by Tim Macklin in March 2015. This vulnerability is easy to exploit and highlights a fundamental design flaw in JWT.

Video duration: 03:37. Views: 13571.

 

JWT: Exploitation

In this exercise, we tamper with a JSON Web Token (JWT) to gain admin access in an application. By using Burp Suite to intercept and modify HTTP traffic, we exploit a vulnerability in the JWT library that allows us to bypass authentication.

Video duration: 08:34. Views: 15460.