ATTACKING JWT FOR BEGINNERS!

The burp extension, code to change the signature and the lab which was used are all linked in the description!

As a pentester, I tell you you girl rock. Well done, keep up the good work!

Hy please don't stop making videos. You are doing great job. I want indian women also be a part of this community 🙂

Just randomly crashed into this channel yesterday and now I am a subscriber........you are doing a great job Farah.......looking forward to explore this field.

Just wanted to drop some appreciation your way! Your content has been an absolute lifesaver for beginners diving into the world of cybersecurity. I would love to see more videos on web vulnerabilities and diving deeper into those crucial interview questions which are not very common, but frequently asked in the interview. Keep up the fantastic work!" :)

Once again, the best beginner friendly content out there. Keep it up.

Farah your are an role model and example of millions of Indian women.👍👍👍

You're the best. I'm beginner in cybersecurity and I was wondering if anyone could help me where to start. Your videos gave me some direction. carry on👍👍👍

Awesome! Lots of videos showed how to do it but they did not explain the vulnerability like you. Thank you!

What an amazing video! Great music and sound effects, superb graphics and editing, fresh technical content in a bite sized package, and such a pleasant voice. You're setting the bar really high, and I hope you continue you to do so! Good job!

One humble request, please try and make a full playlist covering bug bounty hunting concepts with attacks, it can be a series of videos maybe 1-2 videos per week.You pitch your content really well. God bless you!

10/10
Awesome quality of video
Very informative
Nic editing
👍

Welcome Back 🙌
Stay positive!!

Good stuff, one of the better JWT hacker vids. Another interesting angle to explore is JWTs as an injection/RCE vector, completely outside the context of bypassing authentication. Good times.

Thanks to you I could complete a challenge that had been bothering me. Cheers!

Thank you thank you thank you mam , please keep on teaching

Thanks Farah. Just a suggestion that a zoomed coding screen would really be helpful.

Great tutorial I must say. Could you Please make a guideline type or learning path type video to Start in Cybersecurity field. What are the topics and which resources should follow as a beginner? Thanks

I love your content, but can you make a video on nftoken

how to find the hs256 key ?

Your way more interesting than most teachers probably because you so young I would expect you to know much so that's good

Is the header really important ?
I mean why would they show the attacker the alg they are using.
Maybe make the signature unpredictable like this?
hs256(bs64url(fakeheader)+secretkey+bs64url(body)+bs64url(secretkey),secretkey);
am i doing it better or it is bad practice?

Useful video please make full playlist on how to use burpsuit.i think You explain it better than others

Amazing...but it’s too fast..I got few doubts ...how can I contact?

content is super high quality - thank you, Farah!

Nice video with Great Explanation... looking forward to watch more videos....🥳

Hey farah,
Great of you. Would you make a video on your journey till today for the very begginers who wants to Kickstart their career.

Please make a tutorial on Burp Suite

Again Thank for this awesome video...👍
Pls don't stop making such a awesome video..

wow, you are doing awesome. please keep on posting such walkthrough.

The best video 👌 out there.Looking forward for more attacks and contents from you..

No such file or directory: 'public.pem' error generate from your script. How can I solve this error?

Really Great Information Farah Didi | Thank You So Much | 💝🙏💌

This video is really beginner friendly...❤
Already feels like i become a hacker..haha
Bt Can you please add subtitle in your videos??? That will be really helpfu..
And thanks a lot..

Thanks for dedicating content for beginners !! You are my hero, I want to be just like you when I grow up :)

Your video is really good for beginner but can you go a little slow and a bit more description? Then it would be perfect.

Hello Farah, Great video I would love to watch more this kind of content and a video how you started in this field a journey video would be great

Please continue to post new things you are learning. I could see interesting stuff in your channel. please keep on post new things

May i know what video editor do you use ?

All right but can you tell me how to change the token manually plz becoZ we don't have option which you used in your burp suite.Thank u

Hello, you are amainzing, I do ctf 153+1 with you!!! Many greetings from Poland!

Great content but
Why u don't upload videos regularly

Huge respect Farah , thank you .

Thanks for this . And really it's helping me alot as a beginner .

Very basic attacks but nicely explained 👍

Great and simple..!

Hi, Please tell me how to get "/tmp/public.pem" which you mentioned in 5:00 min.

It's great
Really OP
I love the way you teach

Explained very well. Hats off

Great job! Really learning a lot out here. Keep up the good work! Happy hacking!

thank you so much farah

You are legend! Hopefully one day i can be good and work together with you

Turn off your face camera while performing demonstration Does not appear clear

i am not able to modify tokken through JSON Web Tokens extension :/

What if we have HS256?

Well this is very helpful ❤️ thank you and waiting for your next video

Great video thank you 💝🇲🇦 following you from Morocco ✌ keep it up

Thanks Farah!! Learnt something new

great work , you deserve the best

Gr8 job, keep it up

Good one, finally I understood the concept 👍

Hey farah, I hope you're doing well. I just wanted to ask one small thing which is confusing me, JWT are used for "authorisation" which means after we're logged in it is used to check if we're the same user which logged in vis "authentication". So my question is you used jwt authentication in your thumbnail but jwts are used for authorisation, I just want you to clear this confusion because I think I'm missing something

Hi Farah, That was an amazing video ! Just out of curiosity is there a way we can know how session ID's are generated by bruteforcing or any other means, any help around this would be helpful ! Thanks much :D

keep up the good work really love the video

Simple Explanation, Good video

Hey, I have a question. What do you do when you find a site using HS256 algo, do you suggest them to go for RS256 or just let it be?

Ty +1 subscriber! Hi from Argentina.

Nice video!atlast some hope ..that i can also find bugs..

Good tutorial

Hey, are you doing all this in windows or in Linux? It seems like you r using windows

How to get they lab 🧪 environment

Keep it up Farah!

I have a querry , In the payload section u changed user id to "admin" to get admin access , but it isn't necessary that user id of admin is always "admin". It can "admin1234" or "ad_min00" or anything else which can't be guessed easily, so how to know what is victims user id or particularly admin user id?

Thanks Farah...

Keep growing di

Muchas gracias, gran video, me ayudo mucho.

👍very nice video🙂

OWASP ZAP or Burp suit is good to be na show thread website

Plz help me I am new in this field. But I have done bca. I wanna learn bug bounty. Plz guide me. I need your help .

Very well explained. ✌

why are you block me on twitter?

Great.... it was sooooo helpful :)

Love from far, from ethical learner

Make a beginner level tutorial for Basic Authentication

Is this inspired by Black Hills?

Hey i am having problem ..i am getting 302 for 2 of them

Very good tutorial,

You need to turn off the camera , when you demonstrate the situation.

Please upload more tutorial...
..

Useful video 👍

thanks for the video

Can we get the code to change the signature

Amazing!

Nice video!

keep up the good work, and dont think about quieting youtube because of some shitty comment sister. And once again thanks for posting such a wonderful video.

how old are you kid?

With subtitles, it might be better

Waiting for Christi Vlad to comment😂

I ❤ YOU

i am beginner to this pentesting. what is bearer token. whether it can see in request or response while intercept in burp. and also any link for this topic to study.
Oauthauthentication is used in bearer token?