How to Exploit 'Json Web Token'(JWT) vulnerabilities | Full Practical

preview_player
Показать описание
JSON Web Token (JWT, RFC 7519) is a way to encode claims in a JSON document that is then signed. JWTs can be used as OAuth 2.0 Bearer Tokens to encode all relevant parts of an access token into the access token itself instead of having to store them in a database.

:::::::::::::::::::::::::::::::::::::::::::
00:00 - intro
00:12 - What is JWT?
01:19 - None Algorithm Vulnerability
01:45 - Practical : None Algorithm Vulnerability

02:30 - RS256 to HS256 Vulnerability
03:04 - Practical : RS256 to HS256 Vulnerability
05:32 - Weak JWT Signature
07:08 - Conclusion

:::::::::::::::::::::::::::::::::::::::::::
  1. LinuxSploit
  2. Apple JWT
  3. Apple Json web Token
  4. JWT none algorithm
  5. JWT RS256 to HS256
  6. JWT Cracking
Рекомендации по теме
How to Exploit 0:07:25

How to Exploit 'Json Web Token'(JWT) vulnerabilities | Full Practical

How Hackers Hack 0:13:15

How Hackers Hack JSON Web Tokens

JSON Web Token 0:06:30

JSON Web Token Hacking

Cracking JSON Web 0:14:34

Cracking JSON Web Tokens

Hands-On Realistic Pentesting 0:07:28

Hands-On Realistic Pentesting - How to Exploit JWT Vulnerabilities

Bug Bounty Explained! 0:12:20

Bug Bounty Explained! How Hackers Break Into Your Website Using Only JSON?! Protect Your Website!

JSON Web Token 0:07:49

JSON Web Token Security

Taking over a 0:14:27

Taking over a website with JWT Tokens!

OWASP London Chapter 2:18:20

OWASP London Chapter Meetup 15-Jan-2025 Live-Stream

JSON Web Token 0:16:28

JSON Web Token Vulnerabilities

JWT | JSON 0:09:50

JWT | JSON Web Token | Bug Bounty | Penetration Testing

🚨Admin Panel Bypass 0:04:13

🚨Admin Panel Bypass | Privilege Escalation with JWT (JSON Web Token) | Bug Bounty - PoC 🚨

ATTACKING JWT FOR 0:07:39

ATTACKING JWT FOR BEGINNERS!

Hacking and Securing 0:07:09

Hacking and Securing JSON Web Tokens(JWT) - Manually creating HS256 signature

JSON Web Keys 0:29:09

JSON Web Keys (JWK & JWT) - 'Emergency' - HackTheBox Business CTF

Hack JWT using 0:17:23

Hack JWT using JSON Web Tokens Attacker BurpSuite extensions

Attacking JWT - 0:18:28

Attacking JWT - Header Injections

Introduction to JWT 0:03:46

Introduction to JWT tokens - What are they and how can we hack them

BUG BOUNTY TUTORIAL: 0:10:28

BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING

What is JWT 0:06:34

What is JWT token | How to exploit | explain hackerone reports | Bug bounty technique

Hacking and Securing 0:04:42

Hacking and Securing JSON Web Tokens(JWT) - None signature attack

JSON Web Token 0:17:17

JSON Web Token Exploitation

JWT Hacking (JSON 0:35:24

JWT Hacking (JSON Web Token)

JSON Web Token 0:30:16

JSON Web Token (JWT) Exploit with SQL Injection | CTF Walkthrough

Комментарии
Автор

Become Part of LinuxSploit by clicking SUBSCRIBE button <3

LinuxSploitOfficial
Автор

This is awesome you went into depth on how Jwt works thank you

corpsecoder
Автор

Thanks, Boss. The first part helped me in a CTF

marshal_demi
Автор

Superb explanation bro need more videos on these critical bugs 👍🏻

sushantkamble
Автор

thanks, man....waiting for more videos like this...

jerrytech
Автор

When i write the same python code 4:09 in Window i get another output . Idk why ! :(

dr_tomato
Автор

Where can we get the public key in order to get the admin token ?

vishalkothari
Автор

great content, subscribed, hope to see the same quality content

grgnizz
Автор

Thank you for your video, it is really helpful! If we want to make the python script appropriate for RS256 algorithm encryption, not HS256, what modules should we use and how should we modify the code in order to produce the corresponding signature? Thanks a lot.

smandoece
Автор

Are there any online websites or tools that can convert RSA to HMAC JSON Token

macspexs
Автор

Please Can you host the code that used to crack the jwt ??

healthplus
Автор

impossible to watch with annoying robot voice

borderline