JWT Usage and Exploitation

Index

Description

How to play with JWT

Exploit JWT using JWT TOOL

Preventive Measures /Mitigation

Description

JSON web Token (JWT) is string which is sent in HTTP request (from client to server) to validate authenticity of the client. JWT should be send when user sign in, it should contain the info of user or we can say user identity those who are using it. In case user id is changed, JWT verification will fail.