Please Make an hour long video if need be. I'll watch it.
Idc if a JWT video turned into an entire course, I'd buy it....and watch it. More JWT content!
+1 for more JWT content
+10 for more JWT content
This is one of the best code demos I have seen, with the video explaining it clearly. Keep doing more of these. ❤
Very clear explanation. I'm all for deep dive too. Make it a series if needed.
Please make a full deep dive on JWT
JWT Deep dive please!! Thank you!
Yes please make a deep dive of JWT attacks!
Yes, I am excited to see more content on this... Like you said, header injection and all. I'll be waiting for the next video.
that was great and simple thank you
@darkside_hackers.... you guys still exist ?
You're a great instructor. Keep it up
Would absolutely freaking love a JWT deep dive 🤩
Would love to see JWT Deep Dive
You are awesome!! Very clear and informative. Deep dive into JWTs!! Keep it up!!
I would definitely watch a jwt deep dive, looking forward to it!!
Yes, we love watching more videos
Yes would love more content on JWT
yes please!
Btw, very comprehensive way of explaining things! 👍
3 hour video about JWTs sounds great. Also, what application were you using to test?
It's a great demonstration we will be happy if you go deep into it. We have to know how to protect our work.
This is an important topic to me. Would love another video that goes deeper.
Yes sir, make a JWT deep dive. I'd love to watch, it's very useful to me
Super insightful! We need a deep dive!
Yes we would like to, thank you for the effort!
Great video, excellent explanation, I would definitely watch however long the video might be.
Make a video on how best to secure jwt from these attacks.
Awesome Video ♥️♥️, please deep dive video
Wow, idk if it was the fact you were using JS or I'm already familiar with this kind of stuff, all I know is I really enjoyed watching.
Willing to watch a JWT deep dive
Great Video!
JWT deep dive FTW!
This is a great video! Do you have any experience using JWTs in place of cookies?
Nicely put together
Well explained. Please make more videos. I won't miss them.
Always using jwts but never taken the time to learn more about them. I'm all in for a deep dive!
Fantastic video, can you share the GitHub repo so we can tinker around with the code?
Please make the complete video.
Yes please, those videos are very useful.
Thanks dude, but as a developer, we create the secret key from a hash 32bite, so I think it is too hard to crack a JWT
Please make a video on algorithm confusion and header injection
Quick question, if I get access to someone else's token and use this token to make requests to a server, will the server recognise that I am not the original owner of the token?
Amazing content! 🤟
Please make deep video on JWT security testing.
Great content, thank you
I am absolutely for a JWT deep dive 👍
We are willing to watch it and have the patience, so please make it lol
Please do!!!! So cool. I promise to watch ;-)
In algorithm part we can exploit by specifying "no algorithm"
The widely used jwt libraries force you to specify an algorithm for verification.
go on. It's very useful
What is the solution to prevent brute force?
Bro, pls tell what we can do to secure a JWT token?
We would love to watch jwt deep dive
Nice Video
Yes, I want to watch it
Can you make a video on Linux server administrator
In depth
I feel better now that my application uses a 64-character alphanumeric string
Thank you!
I'd watch it
More JWT please
More JWT content!
great tutorial
Deep dive, deep dive, deep dive!
Plz 🤪
JWT deep dive please
Please Deep Dive JWT
Vocal fry is a thing.
JWT DEEP DIVE PLEASE❤
more jwt. please
How to prevent JWT from decoding?
JWTs are meant to be decoded.
You CAN encrypt an entire JWT, but this isn't super common.
@@st8113 thanks.
5:02 *request :)
How about I use JWT in an HTTPS connection?
HTTPS protects against random computers intercepting the traffic, but does nothing to protect your cookies/JWT/whatever else from user manipulation
More JWT
Awesome
JWT deep dive
Make long video jwt
♥️
what if we encrypt the jwt token with crypto
ex: const token = crypto.AES.encrypt(jwt.sign({...payload},'secret'),'enc-secret')
const decode = crypto.AES.decrypt(token,'enc-secret')
just an idea
or we can encrypt the payload and put it inside the token
@@gihanrangana6248 well, you get an encrypted and signed thing. What for? The issue is not "not enough encryption", the issue is weak secrets. And generally bad design of JWT and JWT libraries, but that's regarding other attacks.
I really dislike JWTs, way too large of an attack surface, and a huge issue with revoking access once a token is granted, but too much hype.
Great video!
JWT deep dive please