This exercise covers the exploitation of a website that uses JWT for sessions without verifying the token's signature

< 1 Hr.
Blue Badge


This course details the exploitation of a weakness in the usage of JSON Web Tokens (JWT), commonly used for authentication. Upon successful login, the user is issued a JWT in a cookie. This exercise demonstrates a frequent issue in applications using JWT: not verifying the token's signature. By modifying the payload of the JWT to change the username to "admin," one can gain unauthorized access, as the application fails to check the signature.

The course further elaborates on the structure of a JWT, which consists of a header, a payload, and a signature, each Base64url-encoded and joined by dots. It explains that the signature is meant to ensure the integrity of the token, but some applications neglect to verify it. This oversight can occur because developers use methods that decode the JWT without verification, or forget to re-enable signature checks after debugging. The exploitation process involves decoding the JWT using Base64, tampering with the payload, and sending the altered token back to the application to achieve unauthorized access.
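To make the weakness concrete, here is an added example (not PentesterLab's code or the exercise's target application) that builds an HS256 JWT with only the Python standard library and then shows the two ways a server might read it: `decode_unverified`, which just Base64-decodes the payload the way the vulnerable application does, and `decode_verified`, which recomputes the HMAC over `header.payload` and rejects any token whose signature does not match. The secret, the claim names and the function names are all constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for this example only; a real deployment loads it from
# configuration and never ships it in source.
SECRET = b"example-secret-not-for-production"


def _b64url_encode(data: bytes) -> str:
    # JWT segments use URL-safe Base64 with the '=' padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT omits before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def create_token(payload: dict, secret: bytes = SECRET) -> str:
    # header.payload is the signing input; the signature is HMAC-SHA256 over it.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _json_segment(header) + "." + _json_segment(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode_unverified(token: str) -> dict:
    # The weakness the exercise describes: the payload is read without ever
    # checking the signature, so any edit to it is accepted.
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def decode_verified(token: str, secret: bytes = SECRET) -> dict:
    # Hardened form: pin the algorithm server-side instead of trusting the
    # header, recompute the HMAC, and compare in constant time before
    # trusting anything in the payload.
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("invalid signature")
    return json.loads(_b64url_decode(payload_b64))


def tamper_payload(token: str, changes: dict) -> str:
    # Re-encode the payload with changed claims while keeping the original
    # signature, which is what editing the cookie in the exercise amounts to.
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload.update(changes)
    return header_b64 + "." + _json_segment(payload) + "." + sig_b64


def demo():
    # Returns (user seen by the unverified decoder, whether the verified
    # decoder rejected the tampered token).
    token = create_token({"user": "alice"})
    forged = tamper_payload(token, {"user": "admin"})
    unverified_user = decode_unverified(forged)["user"]  # "admin": accepted blindly
    try:
        decode_verified(forged)
        verified_rejected = False
    except ValueError:
        verified_rejected = True
    return unverified_user, verified_rejected


if __name__ == "__main__":
    print(demo())  # ('admin', True)
```

The point to take from the two decoders is that Base64 is an encoding, not a protection: the only thing binding the claims to the issuer is the HMAC check in `decode_verified`, and a library call that "decodes" a JWT without a key is doing exactly what `decode_unverified` does.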
