-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating

Burp Suite Cookbook
By :

As more sites provide client API access, JWTs are commonly used for authentication. These tokens hold identity and claim information tied to the resources the user is granted access to on the target site. Web-penetration testers need to read these tokens and determine their strength. Fortunately, there are some handy plugins that make working with JWTs inside Burp Suite much easier. We will learn about these plugins in this recipe.
Log in to your PortSwigger account. We will be using Lab: JWT authentication bypass via flawed signature verification (https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-verification) and the JWT Editor extension to exploit a signature vulnerability in our target application.
Figure 11.7 – The JWT Editor extension
Change the font size
Change margin width
Change background colour