JWT Authentication Bypass via Unverified Signature

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. Due to implementation flaws, the server doesn't verify the signature of any JWTs that it receives. To solve the lab, we'll modify our session token to gain access to the admin panel, then delete the user carlos. Overview: 0:00 Intro 0:41 Exploiting flawed JWT signature verification 1:32 Accepting arbitrary signatures 1:52 Lab: JWT authentication bypass via unverified signature 3:51 Solution #1: python 5:07 Solution #2: burp suite 7:10 Solution #3: jwt_tool 9:07 Conclusion If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first:    • Introduction to JWT Attacks   🧠 For more information, check out https://portswigger.net/web-security/jwt 🔗 ‪@PortSwiggerTV‬ challenge: https://portswigger.net/web-security/... 🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register 👾 Join our Discord - https://go.intigriti.com/discord 🎙️ This show is hosted by   / _cryptocat   ( ‪@_CryptoCat‬ ) &   / intigriti   👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com 🐍 Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...