Quick question, if I get access to someone else's token and use this token to make requests to a server, will the server recognise that I am not the original owner of the token?
what if we encrypt the jwt token with crypto ex: const token = crypto.AES.encrypt(jwt.sign({...payload},'secret'),'enc-secret') const decode = crypto.AES.decrypt(token,'enc-secret') just an idea
@@gihanrangana6248 well, you get an encrypted and signed thing. What for? The issue is not "not enough encryption", the issue is weak secrets. And generally bad design of JWT and JWT libraries, but that's regarding other attacks. I really dislike JWTs, way too large of an attack surface, and a huge issue with revoking access once a token is granted, but too much hype.
Please Make an hour long video if need be. I'll watch it.
Idc if a JWT video turned into an entire course, I'd buy it....and watch it. More JWT content!
+1 for more JWT content
+10 for more JWT content
1
This is one of the best demo code I have seen with video explaining clearly. Keep doing more of these. ❤
Very clear explanation. I'm all for deep dive too. Make it a series if needed.
Please make full deepdrive on jwt
Yes please make a deep dive of JWT attacks!
JWT Deep dive please!! Thank you!
yes , I am excited to see more content on this ..... Like you said header injection and all . I 'll be waiting for next video.
You're a great instructor. Keep it up
that was great and simple thank you
@darkside_hackers.... you guys still exist ?
Would love to see JWT Deep Dive
Would absolutely freaking love a JWT deep dive 🤩
I would definitely watch a jwt deep dive, looking forward to it!!
you are awesome!!. very clear and informative. deep dive into jwts!!. keep up!!.
It's a great demonstration we will be happy if you go deep into it. We have to know how to protect our work.
Yes, we love watching more videos
This is an important topic to me. Would love another video that goes deeper.
Yes would love more content on JWT
yes please!
Btw, very comprehensive way of explaining things! 👍
JWT deep dive FTW!
Yes sir make a jwt deepdown I loved to watch, its very useful to me
Yes we would like to, thank you for the effort!
Wow idk it was the fact u were using JS or im already familiar with this kinda stuff, all i know i really enjoyed watching.
Super insightful! We need a deep dive!
3 hour video about JWTs sounds great. Also, what application were you using to test?
Willing to watch a JWT deep dive
Great video, excellent explanation, I would definitely watch however long the video might be.
This is a great video! Do you have any experience using JWTs in place of cookies?
Awesome Video ♥️♥️, please deep dive video
Great Video!
Always using jwts but never taken the time to learn more about them. I'm all in for a deep dive!
Make a video on how best to secure jwt from these attacks.
Good explained it. Please make more videos. I am not miss it.
I am absolutely for a JWT deep dive 👍
Nicely put together
please, make the complete vdeo.
Yes please, those videos are very usefull.
I feel better now that my application uses a 64-character alphanumeric string
We are willing to watch it and have the patience, so please make it lol
Please make deep video on JWT security testing.
We would love to watch jwt deep dive
Great content, thank you
Amazing content! 🤟
go on. It's very useful
Please make a video on algorithm confusion and header injection
YEs i want to watch it
I'd watch it
Thank you!
Nice Video
Thanks dude , but i'm as a developer , we create secret key from hash 32bite so t think is to hard to crack JWT
Please do!!!! So cool. I promise to watch ;-)
Quick question, if I get access to someone else's token and use this token to make requests to a server, will the server recognise that I am not the original owner of the token?
fantastic video, can you share the git-hub repo so we can tinker around with the code
Deep dive, deep dive, deep dive!
Plz 🤪
What is solution to prevent brute force?
More JTW please
great tutorial
bro pls tell what can do to secure jwt token?
In algorithm part we can exploit by specifying "no algorithm"
The widely used jwt libraries force you to specify an algorithm for verification.
More JWT content!
Please Deep Dive JWT
Awesome
JWT deep dive please
jwt tool link?
JWT DEEP DIVE PLEASE❤
Vocal fry is a thing.
5:02 *request :)
More JWT
more jwt. please
Can you make a video on Linux server administrator
In depth
JWT deep dive
♥️
How about I use JWT in a HTTPS connection ?
Https protects against random computers intercepting the traffic, but does nothing to protect your cookies/jwt/whatever else from user manipulation
How to prevent JWT from decoding?
JWTs are meant to be decoded.
You CAN encrypt an entire JWT, but this isn't super common.
@@st8113 thanks.
Make long video jwt
what if we encrypt the jwt token with crypto
ex: const token = crypto.AES.encrypt(jwt.sign({...payload},'secret'),'enc-secret')
const decode = crypto.AES.decrypt(token,'enc-secret')
just an idea
or we can encrypt the payload and put it inside the token
@@gihanrangana6248 well, you get an encrypted and signed thing. What for? The issue is not "not enough encryption", the issue is weak secrets. And generally bad design of JWT and JWT libraries, but that's regarding other attacks.
I really dislike JWTs, way too large of an attack surface, and a huge issue with revoking access once a token is granted, but too much hype.
Great video!
JWT deep dive please