Active Test / JWT Token

Question

DeliciousBounty opened this issue 2 years ago · comments

We are looking for contributors!

JWT attacks involve a user sending modified JWTs to the server to accomplish a malicious goal.
Typically, the goal is to circumvent authentication and access controls by impersonating another authenticated user.
This active check simulates a real attack based JWT token on the API.
Fore more info:
https://portswigger.net/web-security/jwt
https://infosecwriteups.com/attacks-on-json-web-token-jwt-278a49a1ad2e
https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens

Aayush Vishnoi · Answer 1 · Tue Sep 20 2022 15:25:28 GMT+0800 (China Standard Time)

Wanted to Work on this Issues

DeliciousBounty · Answer 2 · Tue Sep 20 2022 18:47:07 GMT+0800 (China Standard Time)

Hey @aayush-vish !
Great, this active test is still available. You can join us on our discord server if you have any question :)
https://discord.gg/nswBjZRt

DeliciousBounty · Answer 3 · Sun Oct 02 2022 02:36:36 GMT+0800 (China Standard Time)

Hello @aayush-vish , do you need any help for this issue?