Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Hacking and Securing JSON Web Tokens (JWT)
Course Introduction
Course Introductin (2:40)
Help & Support
Introduction to JWT
Lab setup (3:53)
Custom Vulnerable APIs - Download
What is JWT? (1:36)
JWT Structure (1:49)
Base64 vs Base64url encoding (1:54)
A word about JWT Signature (1:06)
How JWT works? (4:31)
JWT Demo (7:57)
Summary (0:44)
JWT Indepth
JWT Headers (1:14)
JWT Payload (1:55)
JWT Signature (1:27)
Understanding HS256 (5:57)
HS256 Demo (7:15)
Understanding RS256 (6:26)
RS256 Demo (6:05)
None Algorithm Demo (2:44)
JWT - Command Line Kung-Fu
Manually creating HS256 Signature (7:08)
Generating RSA Keys using Openssl (2:49)
Manually creating RS256 Signature (6:36)
JWT Attacks and Defenses
Introduction (2:01)
Abusing None Algorithm - Demo (4:41)
Abusing None Algorithm using Burpsuite - Demo (4:26)
Signature Stripping Attack - Demo (6:08)
Bruteforcing HS256 Secret Key - Demo (2:45)
Substitution Attack - Demo (6:05)
Defenses (2:10)
Conclusion
Conclusion (0:16)
Teach online with
Manually creating HS256 Signature
Complete and Continue