Introduction to JWT Attacks
Video: http://youtube.com/watch?v=GIq3naOLrTg
Learn about JSON Web Token (JWT) vulnerabilities. This video provides an introduction to JWTs: what are they? How are they formatted? What's a JWT signature? What are JWSs and JWEs? What are JWT attacks? What impact do they have? How do the vulnerabilities arise? How can we work with JWTs (jwt.io, CyberChef, Burp, jwt_tool, etc.)? This theory-focused video offers some fundamental background knowledge that will assist in the practical labs covered in future videos.

Overview:
• 0:00 Intro
• 0:46 JWT Attacks
• 1:13 What are JSON Web Tokens?
• 1:43 JWT Format
• 2:26 JWT Signature
• 2:57 JWT vs JWS vs JWE
• 3:35 Impact/Cause of JWT Vulnerabilities
• 4:44 JWT Tampering Demo (Python)
• 7:00 Working with JWTs (jwt.io, CyberChef)
• 9:10 Automating Attacks Against JWTs (jwt_tool)
• 12:34 Burp Extensions (JSON Web Tokens + JWT Editor)
• 15:57 Conclusion

For more information, check out https://portswigger.net/web-security/jwt

• @PortSwiggerTV labs: https://portswigger.net/web-security/...
• Sign up and start hacking right now - https://go.intigriti.com/register
• Join our Discord - https://go.intigriti.com/discord
• This show is hosted by _cryptocat (@_CryptoCat) / intigriti
• Do you want some Intigriti Swag? Check out https://swag.intigriti.com
• Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...

Additional resources:
• https://jwt.io
• https://gchq.github.io/CyberChef
• https://book.hacktricks.xyz/pentestin...
• https://portswigger.net/burp/document...
• https://github.com/ticarpi/jwt_tool/wiki
