Taking over a website with JWT Tokens!

In this video, I'll talk about JWT (JSON Web Token) confusion attack. The confusion between implementing two types of algorithms (symmetric key and asymmetric key) is the root cause of the confusion attack. Using this, an attacker will be able to spoof his JWT token and give himself superuser/administrator permissions on the server.

Disclaimer: This video is intended for educational purposes only. All penetration testing shown here is done in a controlled environment (PortSwigger lab) and should not be attempted on live systems without proper authorization. I do not condone/encourage any illegal/malicious activities.

Here is the PortSwigger lab I used in the video: https://portswigger.net/web-security/jwt/algorithm-confusion/lab-jwt-authentication-bypass-via-algorithm-confusion

Join my Discord: https://discord.gg/6TjBzgt Follow me on Instagram: https://instagram.com/teja.techraj Website: https://techraj156.com​​​​​ Blog: https://blog.techraj156.com

Thanks for watching! SUBSCRIBE for more videos! ... https://www.youtube.com/watch?v=RmR6cmyLmiI