ATTACKING JWT FOR BEGINNERS!

  Рет қаралды 55,784

Farah Hawa

Farah Hawa

Күн бұрын

Пікірлер: 206
@FarahHawa
@FarahHawa 4 жыл бұрын
The burp extension, code to change the signature and the lab which was used are all linked in the description!
@kunalraut1689
@kunalraut1689 4 жыл бұрын
But what if the server doesn't accepts the request made to it having the Symmetric Algorithm(parameter) or doesn't accept any altered requests and just neglects it. Then its of no use for us to alter the 'alg' to something else and we have to deal with it the way it excepts(Asymmetric Algorithm)? And btw well explained! Thank You.
@afifmalghani755
@afifmalghani755 4 жыл бұрын
Once again, the best beginner friendly content out there. Keep it up.
@jatindersingh7047
@jatindersingh7047 10 ай бұрын
Just wanted to drop some appreciation your way! Your content has been an absolute lifesaver for beginners diving into the world of cybersecurity. I would love to see more videos on web vulnerabilities and diving deeper into those crucial interview questions which are not very common, but frequently asked in the interview. Keep up the fantastic work!" :)
@MattiaCampagnano
@MattiaCampagnano 4 жыл бұрын
As a pentester, I tell you you girl rock. Well done, keep up the good work!
@manikgoenka8720
@manikgoenka8720 4 жыл бұрын
Just randomly crashed into this channel yesterday and now I am a subscriber........you are doing a great job Farah.......looking forward to explore this field.
@thecoder7984
@thecoder7984 4 жыл бұрын
Farah your are an role model and example of millions of Indian women.👍👍👍
@adryelgainza1686
@adryelgainza1686 2 жыл бұрын
Awesome! Lots of videos showed how to do it but they did not explain the vulnerability like you. Thank you!
@corporatemurrell
@corporatemurrell 4 жыл бұрын
What an amazing video! Great music and sound effects, superb graphics and editing, fresh technical content in a bite sized package, and such a pleasant voice. You're setting the bar really high, and I hope you continue you to do so! Good job!
@himanshushah9471
@himanshushah9471 4 жыл бұрын
Please make video on Beginner guide to cybersecurity/ethical hacking and all stuff like scope, carrier, programming languages, Basics,Certification, what to Learn and where?,Resources, etc...
@himanshushah9471
@himanshushah9471 4 жыл бұрын
Also make video Your CEH journey
@monishpalanikumar
@monishpalanikumar 4 жыл бұрын
You've given a precise and beginner friendly tutorial.. thank you so much Farah ! 🤗
@yrks1109
@yrks1109 4 жыл бұрын
Just don't stop these kind of Videos about Cyber security, as a Beginner myself I rely on KZbin for gathering 98% of knowledge, so thanks for giving us a video like this! Keep it going! 👍👍🔥
@shwetakalkhair1206
@shwetakalkhair1206 4 жыл бұрын
M currently doing a project in my office.. they using JWT.. this was actually helpful for testing JWTs.. thank u 🙂
@Unhacker
@Unhacker 2 жыл бұрын
Good stuff, one of the better JWT hacker vids. Another interesting angle to explore is JWTs as an injection/RCE vector, completely outside the context of bypassing authentication. Good times.
@apnimashoori2762
@apnimashoori2762 4 жыл бұрын
how to find the hs256 key ?
@yajusgakhar6969
@yajusgakhar6969 2 жыл бұрын
Thanks to you I could complete a challenge that had been bothering me. Cheers!
@mal0931
@mal0931 3 жыл бұрын
very good vid this helped me complete a hack the box, very good explanation to.
@ElektroDrrrEL
@ElektroDrrrEL 4 жыл бұрын
content is super high quality - thank you, Farah!
@whitehat3937
@whitehat3937 4 жыл бұрын
Hy please don't stop making videos. You are doing great job. I want indian women also be a part of this community 🙂
@haksting
@haksting 4 жыл бұрын
10/10 Awesome quality of video Very informative Nic editing 👍
@MehediHasan-rc1lo
@MehediHasan-rc1lo 4 жыл бұрын
No such file or directory: 'public.pem' error generate from your script. How can I solve this error?
@comedybuzz6629
@comedybuzz6629 4 жыл бұрын
please create a video on how to set up burp suite with android and intercept loved this video :)
@ilyasayusuf5447
@ilyasayusuf5447 3 жыл бұрын
Is the header really important ? I mean why would they show the attacker the alg they are using. Maybe make the signature unpredictable like this? hs256(bs64url(fakeheader)+secretkey+bs64url(body)+bs64url(secretkey),secretkey); am i doing it better or it is bad practice?
@jissjose1382
@jissjose1382 4 жыл бұрын
The best video 👌 out there.Looking forward for more attacks and contents from you..
@matitanium
@matitanium 2 жыл бұрын
how i can export publickeey with .pem format in webpage? pls answear
@sameerkeeran9679
@sameerkeeran9679 3 жыл бұрын
I love you and your teaching ❤️👍🙏
@urssaf343
@urssaf343 Жыл бұрын
Said scenarios are not realistic in production. Who implements jwt and doesnt verify signature ?
@raanonyms7926
@raanonyms7926 4 жыл бұрын
wow, you are doing awesome. please keep on posting such walkthrough.
@AasdKareemKorejo
@AasdKareemKorejo 4 жыл бұрын
Thank you Farah for this useful videos but please also suggest us what is recommended way to use.
@fenilfaldu8740
@fenilfaldu8740 3 жыл бұрын
I love your content, but can you make a video on nftoken
@Abiishek
@Abiishek 4 жыл бұрын
Welcome Back 🙌 Stay positive!!
@mr_ehmed
@mr_ehmed 4 жыл бұрын
i am not able to modify tokken through JSON Web Tokens extension :/
@erezlevi5411
@erezlevi5411 4 жыл бұрын
That's really really helpful and easy to understand! Thank you!
@tirtheshpawar1020
@tirtheshpawar1020 4 жыл бұрын
One humble request, please try and make a full playlist covering bug bounty hunting concepts with attacks, it can be a series of videos maybe 1-2 videos per week.You pitch your content really well. God bless you!
@darshanjogi5781
@darshanjogi5781 4 жыл бұрын
Useful video please make full playlist on how to use burpsuit.i think You explain it better than others
@pastryelite1440
@pastryelite1440 4 жыл бұрын
Nice video with Great Explanation... looking forward to watch more videos....🥳
@PavanKumar-hd2cf
@PavanKumar-hd2cf 2 жыл бұрын
Thank you so much for clear explanation.. 😊👍
@AryanPant2004
@AryanPant2004 Жыл бұрын
Thank you thank you thank you mam , please keep on teaching
@fypage.
@fypage. 4 жыл бұрын
Your way more interesting than most teachers probably because you so young I would expect you to know much so that's good
@vijaySingle143
@vijaySingle143 3 жыл бұрын
Huge respect Farah , thank you .
@FarahHawa
@FarahHawa 3 жыл бұрын
you're welcome 😇
@kamar1380
@kamar1380 4 жыл бұрын
Again Thank for this awesome video...👍 Pls don't stop making such a awesome video..
@surajagarwal3561
@surajagarwal3561 4 жыл бұрын
Plz make some tutorials for dumbs also plz I don't know in which platform you are working
@czemuklown
@czemuklown 3 жыл бұрын
hello you helped me with ctf tournament thank u very much love ya
@urrahman196
@urrahman196 4 жыл бұрын
Great tutorial I must say. Could you Please make a guideline type or learning path type video to Start in Cybersecurity field. What are the topics and which resources should follow as a beginner? Thanks
@roshanrajkumar7827
@roshanrajkumar7827 3 жыл бұрын
Amazing...but it’s too fast..I got few doubts ...how can I contact?
@amishmane
@amishmane 4 жыл бұрын
Thanks Farah. Just a suggestion that a zoomed coding screen would really be helpful.
@alexmridul2403
@alexmridul2403 4 жыл бұрын
It's great Really OP I love the way you teach
@pranayhusukale2666
@pranayhusukale2666 4 жыл бұрын
Explanation is top notch.
@techrims3908
@techrims3908 4 жыл бұрын
Really Great Information Farah Didi | Thank You So Much | 💝🙏💌
@jashan8636
@jashan8636 4 жыл бұрын
You're the best. I'm beginner in cybersecurity and I was wondering if anyone could help me where to start. Your videos gave me some direction. carry on👍👍👍
@danielgrunberger2621
@danielgrunberger2621 4 жыл бұрын
I absolutely love ur videos !! Greets from Brazil
@SahilKumar-ww7xn
@SahilKumar-ww7xn 4 жыл бұрын
All right but can you tell me how to change the token manually plz becoZ we don't have option which you used in your burp suite.Thank u
@FarahHawa
@FarahHawa 4 жыл бұрын
You can download the extension. I have mentioned the link for it in the description.
@SahilKumar-ww7xn
@SahilKumar-ww7xn 4 жыл бұрын
@@FarahHawa but how we add it on burp suite in kali Linux.
@FarahHawa
@FarahHawa 4 жыл бұрын
@@SahilKumar-ww7xn Use the Extender tab
@SahilKumar-ww7xn
@SahilKumar-ww7xn 4 жыл бұрын
@@FarahHawa Thanks a lot. Waiting for next vedio 😍🤟
@gilbertolopez5894
@gilbertolopez5894 4 жыл бұрын
Thanks for dedicating content for beginners !! You are my hero, I want to be just like you when I grow up :)
@ZaidKhan-nk7xr
@ZaidKhan-nk7xr 4 жыл бұрын
Please make a tutorial on Burp Suite
@theprateekmahajan
@theprateekmahajan 4 жыл бұрын
Hey farah, Great of you. Would you make a video on your journey till today for the very begginers who wants to Kickstart their career.
@URKCS-hj9xe
@URKCS-hj9xe 4 жыл бұрын
Hi, Please tell me how to get "/tmp/public.pem" which you mentioned in 5:00 min.
@crocheteur3290
@crocheteur3290 3 жыл бұрын
4:29 - She copied the text to save it in a file named public.pem
@haskellscript
@haskellscript Жыл бұрын
Great content. I've noticed that you blink a lot on this vid. As a suggestion it'd be nice to bring a vid about the tools you use/like/recommend like the one on this vid.
@aayushgoel284
@aayushgoel284 4 жыл бұрын
how do you get the public.pem
@mscor4ever139
@mscor4ever139 4 жыл бұрын
great work , you deserve the best
@hackerproxy19
@hackerproxy19 4 жыл бұрын
Hello Farah you make video (Subdomain Takeover Attack) i'm waiting for your next video
@rohitblaze9015
@rohitblaze9015 4 жыл бұрын
Your video is really good for beginner but can you go a little slow and a bit more description? Then it would be perfect.
@dhruvkandpal9909
@dhruvkandpal9909 4 жыл бұрын
Great job! Really learning a lot out here. Keep up the good work! Happy hacking!
@bheeshamkumar1186
@bheeshamkumar1186 4 жыл бұрын
Thanks for video it is really nice and simple to learn. Keep it up...
@viveksdf
@viveksdf 4 жыл бұрын
Hello Farah, Great video I would love to watch more this kind of content and a video how you started in this field a journey video would be great
@Aravindb26
@Aravindb26 3 жыл бұрын
What if we have HS256?
@MdSajid-fb9ul
@MdSajid-fb9ul 4 жыл бұрын
Explained very well. Hats off
@angeldev96
@angeldev96 4 жыл бұрын
I love you content, we learn a lot from people like you. Hope to be a great bug hunter someday ^^
@bharathpatel1757
@bharathpatel1757 4 жыл бұрын
Thanks for this . And really it's helping me alot as a beginner .
@subhradipmukherjee5440
@subhradipmukherjee5440 4 жыл бұрын
I have a querry , In the payload section u changed user id to "admin" to get admin access , but it isn't necessary that user id of admin is always "admin". It can "admin1234" or "ad_min00" or anything else which can't be guessed easily, so how to know what is victims user id or particularly admin user id?
@viveksdf
@viveksdf 4 жыл бұрын
Brute force it with a user id list
@mohamedfahim3230
@mohamedfahim3230 4 жыл бұрын
@farah hawa how did you put the Jason web tokens inside the repeater tab
@FarahHawa
@FarahHawa 4 жыл бұрын
Mohamed Fahim through the extension mentioned in the description. If it detects a JWT, the tab will automatically appear
@mohamedfahim3230
@mohamedfahim3230 4 жыл бұрын
@@FarahHawa ha thanks I noticed a response and as you said it appeared If the payload has id some random values And other parameters is it possible to be vulnerable
@LexiLominite
@LexiLominite 3 жыл бұрын
May i know what video editor do you use ?
@hassan12141
@hassan12141 4 жыл бұрын
Great content but Why u don't upload videos regularly
@tahan1tonmoy
@tahan1tonmoy 4 жыл бұрын
Very basic attacks but nicely explained 👍
@martinosaidimussa5813
@martinosaidimussa5813 4 жыл бұрын
i really enjoyed your stuff , stay positive
@IdrisKhan7
@IdrisKhan7 4 жыл бұрын
Hi Farah, I'm a beginner to Burp Suite. How did you get the JSON Web Token Tab in your intercept.?
@IdrisKhan7
@IdrisKhan7 4 жыл бұрын
Ok I found it in the description, will try that
@gamebuzz723
@gamebuzz723 4 жыл бұрын
you explained very precisely
@sharathputta1703
@sharathputta1703 4 жыл бұрын
Please continue to post new things you are learning. I could see interesting stuff in your channel. please keep on post new things
@amanali9501
@amanali9501 4 жыл бұрын
How to get they lab 🧪 environment
@FarahHawa
@FarahHawa 4 жыл бұрын
Check the description!
@niteshmore255
@niteshmore255 4 жыл бұрын
OWASP ZAP or Burp suit is good to be na show thread website
@reallyunnecessaryuser
@reallyunnecessaryuser 3 жыл бұрын
Hey, I have a question. What do you do when you find a site using HS256 algo, do you suggest them to go for RS256 or just let it be?
@muhammedsillah111
@muhammedsillah111 4 жыл бұрын
keep up the good work really love the video
@souhaillepacifique7572
@souhaillepacifique7572 4 жыл бұрын
Great video thank you 💝🇲🇦 following you from Morocco ✌ keep it up
@b3ast407
@b3ast407 4 жыл бұрын
Thanks Farah!! Learnt something new
@slbpriank91
@slbpriank91 4 жыл бұрын
You are legend! Hopefully one day i can be good and work together with you
@meljithpereira5532
@meljithpereira5532 3 жыл бұрын
Make more videos farah
@ishanpatel8386
@ishanpatel8386 3 жыл бұрын
Hey farah, I hope you're doing well. I just wanted to ask one small thing which is confusing me, JWT are used for "authorisation" which means after we're logged in it is used to check if we're the same user which logged in vis "authentication". So my question is you used jwt authentication in your thumbnail but jwts are used for authorisation, I just want you to clear this confusion because I think I'm missing something
@we_the_people_of_kashmir3534
@we_the_people_of_kashmir3534 4 жыл бұрын
Hey farah. New subscriber to your channel. I just started cybersecurity and ceh. Where should I start from. Any suggestions please
@avyanshnamdeo6794
@avyanshnamdeo6794 4 жыл бұрын
How can I get started with bug bounty please tell
@DheerajMadhukar
@DheerajMadhukar 4 жыл бұрын
Do we need to get the PEM file somehow or we need to generate it manually???
@alialmasslmany5240
@alialmasslmany5240 4 жыл бұрын
thank you so much farah
@suchomir4493
@suchomir4493 3 жыл бұрын
Hello, you are amainzing, I do ctf 153+1 with you!!! Many greetings from Poland!
@sail6114
@sail6114 4 жыл бұрын
Good one, finally I understood the concept 👍
@swapnilpawar2311
@swapnilpawar2311 4 жыл бұрын
Simple Explanation, Good video
@alexmridul2403
@alexmridul2403 4 жыл бұрын
Yeah That's what a content creator
@ThePomelo09
@ThePomelo09 4 жыл бұрын
Ty +1 subscriber! Hi from Argentina.
@simranpreetsingh5502
@simranpreetsingh5502 4 жыл бұрын
Hi Farah, That was an amazing video ! Just out of curiosity is there a way we can know how session ID's are generated by bruteforcing or any other means, any help around this would be helpful ! Thanks much :D
@saibaba7649
@saibaba7649 4 жыл бұрын
Sister I didn't get if fully but still I'll try doing this thanks 😊
@amansanghai1201
@amansanghai1201 4 жыл бұрын
Hey, are you doing all this in windows or in Linux? It seems like you r using windows
@Status_Zones.
@Status_Zones. 4 жыл бұрын
Nice video!atlast some hope ..that i can also find bugs..
@feynman8692
@feynman8692 4 жыл бұрын
thanks ma'am this helped a lot 👍 plzz make such video's and ignore false comments we badly want your help and videos 🙏
@rudalkumar2177
@rudalkumar2177 4 жыл бұрын
Plz help me I am new in this field. But I have done bca. I wanna learn bug bounty. Plz guide me. I need your help .
APPROACHING AN E-COMMERCE TARGET!
5:48
Farah Hawa
Рет қаралды 19 М.
HACKING OAuth 2.0 FOR BEGINNERS!
10:26
Farah Hawa
Рет қаралды 44 М.
Tuna 🍣 ​⁠@patrickzeinali ​⁠@ChefRush
00:48
albert_cancook
Рет қаралды 148 МЛН
Cat mode and a glass of water #family #humor #fun
00:22
Kotiki_Z
Рет қаралды 42 МЛН
Hack JWT using JSON Web Tokens Attacker BurpSuite extensions
17:23
thehackerish
Рет қаралды 46 М.
BYPASSING SAML AUTHENTICATION FOR BEGINNERS!
8:24
Farah Hawa
Рет қаралды 30 М.
Dependency Injection, The Best Pattern
13:16
CodeAesthetic
Рет қаралды 904 М.
why do hackers love strings?
5:42
Low Level
Рет қаралды 430 М.
HACKING postMessage() FOR BEGINNERS!
8:57
Farah Hawa
Рет қаралды 34 М.
HACKING GraphQL FOR BEGINNERS + GIVEAWAY (closed)
8:58
Farah Hawa
Рет қаралды 37 М.
Taking over a website with JWT Tokens!
14:27
Tech Raj
Рет қаралды 61 М.
How to Master FFUF for Bug Bounties and Pen Testing
28:57
codingo
Рет қаралды 61 М.
Tuna 🍣 ​⁠@patrickzeinali ​⁠@ChefRush
00:48
albert_cancook
Рет қаралды 148 МЛН