Hack JWT using JSON Web Tokens Attacker BurpSuite extensions

Рет қаралды 46,540

Күн бұрын

Пікірлер: 50

@ajaykumark107 4 жыл бұрын

Idea for next video: Burp bounty Extension. All videos currently on youtube have no voice over. Please cover this extension in depth as you did for JWT tokens. Great job again!

@thehackerish 4 жыл бұрын

Thanks for the suggestions!

@sundar3357 4 жыл бұрын

You are explaining everything well. Thanks man.

@thehackerish 4 жыл бұрын

Welcome! Enjoy!

@whatiknowtech 4 жыл бұрын

Quick one sir , how do I craft a new timestamp in the JWT payload. Gained a new Subscriber , thank you very much kindly do in depth tutorials on burp extensions .

@thehackerish 4 жыл бұрын

run on the terminal: date +%s

@cricketworld4165 7 ай бұрын

in this process we find upcoming period or number sir!!

@uliun2344 4 жыл бұрын

Suite is pronounced as "sweet". Thanks for the great content.

@theotimeforestier7647 3 жыл бұрын

Very well explained

@0x0313-p 4 жыл бұрын

Can u upload all the vulnerability related JWT and garphQL

@muddassirkhan5953 4 жыл бұрын

is all the token is base64 encode or it depends on the application?

@thehackerish 4 жыл бұрын

You will always find the same structure. It doesn't depend on the application, it is a standard.

@ashpakpinjari9214 4 жыл бұрын

Bro make video on burpbounty,burp collaborator everywhere and X-Forwarded-For extension. Awaiting for your video.

@thehackerish 4 жыл бұрын

Thanks for your suggestion!

@anik6393 4 жыл бұрын

You are the best one😘.

@thehackerish 4 жыл бұрын

You are as well!

@Nirusvlogs 3 жыл бұрын

Nice. So what the secure way to implement JWT token.

@thehackerish 3 жыл бұрын

Validate the signature. Use strong keys for HSxxx, prefer RSA, etc

@Nirusvlogs 3 жыл бұрын

@@thehackerish Thank you so much! But while hacking your removing the signature if use RSA also still you can hack using xss or csfr attacks right. I am having this issuein my website. I want your advise😀

@thehackerish 3 жыл бұрын

@@Nirusvlogs JWT will protect against CSRF if not put in a cookie. However, XSS would exfiltrate the JWT. In this case, you can implement proof-of-possession tools.ietf.org/html/rfc7800.

@ajaykumark107 4 жыл бұрын

Please create more content!!

@housewiring1136 4 ай бұрын

Nice 👍

@hackerproxy19 4 жыл бұрын

one video cover the all (burp suite extensions), can you

@thehackerish 4 жыл бұрын

That would result in a very loooong video which I cannot make unfortunately.

@capleprajapati5575 4 жыл бұрын

1) For the highlighted request with comment as "Contains a JWT", it shows token in Response and not in the Request. Why the request is not having JWT? Also the request which has token is not highlighted with Contains a JWT. 2) The JWT token comes after we login with correct UserID and Password. It does not show before we login into the page. Is this correct? Is this how it is supposed to be?

@thehackerish 4 жыл бұрын

1- The extension detects whenever there is a JWT token either in the request or the response. 2- Yes, JWT tokens are usually used after authentication, in this case using a username and a password