JSON Web Token Vulnerabilities

preview_player
Показать описание
JSON Web Tokens (JWT) are becoming very common for authentication and authorisation these days. In this video, I show you how to bypass their signature checks in weak implementations.

~~~
This is an educational video, gain permission from target owners before attempting anything from this tutorial. By not doing so, you risk being penalised by the computer misuse act or equivalent in your country
~~~

0:00 Introduction
1:18 Sensitive Data/Expiry
2:36 Vulnerable JWT Lab
3:07 JWT None Attack
6:30 JWT Signature Not Checked
7:54 Key Confusion
10:44 Weak Signature Brute Force
12:37 kid Attack
15:46 Outro

Don't forget to subscribe and like the video for continued Cyber Security viewing!

  1. MrTurvey
  2. CTF
  3. JWT
  4. bug bounty
  5. ethical hacking
  6. exploit
Рекомендации по теме
JSON Web Token 0:06:30

JSON Web Token Hacking

How to Exploit 0:07:25

How to Exploit 'Json Web Token'(JWT) vulnerabilities | Full Practical

Why is JWT 0:05:14

Why is JWT popular?

JWT | JSON 0:09:50

JWT | JSON Web Token | Bug Bounty | Penetration Testing

Session vs Token 0:02:18

Session vs Token Authentication in 100 Seconds

JSON Web Token 0:16:28

JSON Web Token Vulnerabilities

JWTs are insecure 0:09:29

JWTs are insecure session tokens

Understanding JSON Web 0:11:52

Understanding JSON Web Token Vulnerabilities | TryHackMe

Intro to JWT 0:39:22

Intro to JWT Vulnerabilities

How Hackers Hack 0:13:15

How Hackers Hack JSON Web Tokens

ATTACKING JWT FOR 0:07:39

ATTACKING JWT FOR BEGINNERS!

Introduction to JWT 0:16:33

Introduction to JWT Attacks

Understanding JWT Vulnerabilities: 0:05:02

Understanding JWT Vulnerabilities: JWT Crack Attack

Hands-On Realistic Pentesting 0:07:28

Hands-On Realistic Pentesting - How to Exploit JWT Vulnerabilities

Three New Attacks 0:40:18

Three New Attacks Against JSON Web Tokens

Attacking JWT - 0:18:28

Attacking JWT - Header Injections

JSON Web Token 0:07:49

JSON Web Token Security

BUG BOUNTY TUTORIAL: 0:10:28

BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING

what is jwt 0:21:57

what is jwt token authentication | attacking jwt for beginners

Hack JWT using 0:17:23

Hack JWT using JSON Web Tokens Attacker BurpSuite extensions

JSON Web Keys 0:29:09

JSON Web Keys (JWK & JWT) - 'Emergency' - HackTheBox Business CTF

API9 - Hacking 0:20:23

API9 - Hacking JSON Web Tokens | JWT | crAPI

Understanding JWT Vulnerabilities: 0:19:25

Understanding JWT Vulnerabilities: The 'None' Vulnerability

Bug Bounty Redacted 0:07:55

Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation

Комментарии
Автор

I was literally doing a box earlier with this struggling to remember what I needed to do haha! Big fan of your content :)

Cossaw
Автор

Awesome job dude... This is what I was looking for.. Holy molyy . WOWWWW

cybersecurehacks
Автор

i dont understand why i get invalid token in the key confusion attack, i did exactly your same steps. maybe its an error with the publickey.txt? i just copied the key on the site in a txt file. another thing that i think its a mistake its what i do when i copy the token i get from jwt tool into the cookie extension: i just copy the token there, save and then refresh the page. what am i missing?

giovanniannunziata
welcome to shbcf.ru