JWT Usage and Exploitation

Index

Description

How to play with JWT

Exploit JWT using JWT TOOL

Preventive Measures /Mitigation

Description

A JSON Web Token (JWT) is a string sent in HTTP requests from the client to the server to prove the client's authenticity. It is issued when the user signs in and carries claims about that user, in other words the identity of whoever is presenting it. If the user id inside the token is changed, JWT verification fails.
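To make the verification claim concrete, here is an added example (not code from the original article or from JWT TOOL) that signs an HS256 token with only the Python standard library, verifies it, and then shows that editing the user id in the payload while keeping the old signature makes verification fail. The secret key, the claim names and the helper function names are all assumptions made for this example; the verifier also refuses any `alg` other than the one the server expects, which is the check that blocks `alg: none` and algorithm-confusion tokens.

```python
import base64
import hashlib
import hmac
import json

# Constructed example key; a real server keeps its signing key out of source control.
SECRET = b"example-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature with an HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _json_segment(header) + "." + _json_segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jwt(token: str, key: bytes):
    """Return the claims if the HS256 signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm server-side: never trust the token's own "alg" to pick a verifier.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many signature bytes matched.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:
        # Covers malformed base64, malformed JSON and wrong segment count.
        return None


def tamper_user_id(token: str, new_user_id) -> str:
    """Rewrite the payload's user_id but keep the original signature (what a tampered token looks like)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["user_id"] = new_user_id
    return header_b64 + "." + _json_segment(claims) + "." + sig_b64


def demo():
    """Returns (claims from the genuine token, result for the tampered token)."""
    token = sign_jwt({"user_id": 42, "role": "user"}, SECRET)
    genuine = verify_jwt(token, SECRET)
    forged = tamper_user_id(token, 1)          # user id changed, signature stale
    return genuine, verify_jwt(forged, SECRET)  # second value is None


if __name__ == "__main__":
    print(demo())
```

The genuine token round-trips to its claims, while the token with a changed user id is rejected because the HMAC was computed over the original payload; the design point is that the server, not the token, decides which algorithm and key are used for verification.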
