JWT Usage and Exploitation
How to play with JWT
Exploit JWT using JWT TOOL
Preventive Measures / Mitigation
JSON Web Token (JWT) is a string that is sent in an HTTP request (from client to server) to validate the authenticity of the client. A JWT should be sent once the user signs in, and it should contain the user's information, that is, the identity of the user who is using it. If the user ID is changed, JWT verification will fail.
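The following is an added example, not code from the original page, showing why verification fails when the user ID is changed: the signature covers the header and payload, so a payload edited without the server's key no longer matches. It assumes an HS256 (HMAC-SHA256) token, a claim named `user_id`, and a constructed demo key; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

KEY = b"constructed-demo-key"  # constructed sample secret, known only to the server

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_segment(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def issue(claims: dict, key: bytes) -> str:
    """Server side: build header.payload and sign it with HMAC-SHA256."""
    signing_input = encode_segment({"alg": "HS256", "typ": "JWT"}) + "." + encode_segment(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str, key: bytes) -> Optional[dict]:
    """Server side: return the claims if the signature is valid, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Accept only the algorithm this server issues (assumed HS256 here).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None

def with_changed_user_id(token: str, new_id: int) -> str:
    """Rewrite user_id in the payload but keep the old signature (no key available)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["user_id"] = new_id
    return ".".join((header_b64, encode_segment(claims), sig_b64))

if __name__ == "__main__":
    token = issue({"user_id": 1001}, KEY)
    print(verify(token, KEY))                           # claims of the untouched token
    print(verify(with_changed_user_id(token, 1), KEY))  # None: signature mismatch
```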