Idea for next video: Burp bounty Extension. All videos currently on youtube have no voice over. Please cover this extension in depth as you did for JWT tokens. Great job again!
Quick one sir , how do I craft a new timestamp in the JWT payload. Gained a new Subscriber , thank you very much kindly do in depth tutorials on burp extensions .
@@thehackerish Thank you so much! But while hacking your removing the signature if use RSA also still you can hack using xss or csfr attacks right. I am having this issuein my website. I want your advise😀
@@Nirusvlogs JWT will protect against CSRF if not put in a cookie. However, XSS would exfiltrate the JWT. In this case, you can implement proof-of-possession tools.ietf.org/html/rfc7800.
1) For the highlighted request with comment as "Contains a JWT", it shows token in Response and not in the Request. Why the request is not having JWT? Also the request which has token is not highlighted with Contains a JWT. 2) The JWT token comes after we login with correct UserID and Password. It does not show before we login into the page. Is this correct? Is this how it is supposed to be?
1- The extension detects whenever there is a JWT token either in the request or the response. 2- Yes, JWT tokens are usually used after authentication, in this case using a username and a password
Idea for next video: Burp bounty Extension. All videos currently on youtube have no voice over. Please cover this extension in depth as you did for JWT tokens. Great job again!
Thanks for the suggestions!
You are explaining everything well. Thanks man.
Welcome! Enjoy!
Suite is pronounced as "sweet".
Thanks for the great content.
in this process we find upcoming period or number sir!!
Quick one sir , how do I craft a new timestamp in the JWT payload. Gained a new Subscriber , thank you very much kindly do in depth tutorials on burp extensions .
run on the terminal: date +%s
Can u upload all the vulnerability related JWT and garphQL
Please create more content!!
Very well explained
Bro make video on burpbounty,burp collaborator everywhere and X-Forwarded-For extension. Awaiting for your video.
Thanks for your suggestion!
is all the token is base64 encode or it depends on the application?
You will always find the same structure. It doesn't depend on the application, it is a standard.
Nice 👍
Nice. So what the secure way to implement JWT token.
Validate the signature. Use strong keys for HSxxx, prefer RSA, etc
@@thehackerish Thank you so much! But while hacking your removing the signature if use RSA also still you can hack using xss or csfr attacks right. I am having this issuein my website. I want your advise😀
@@Nirusvlogs JWT will protect against CSRF if not put in a cookie. However, XSS would exfiltrate the JWT. In this case, you can implement proof-of-possession tools.ietf.org/html/rfc7800.
thanks
one video cover the all (burp suite extensions), can you
That would result in a very loooong video which I cannot make unfortunately.
You are the best one😘.
You are as well!
1) For the highlighted request with comment as "Contains a JWT", it shows token in Response and not in the Request. Why the request is not having JWT? Also the request which has token is not highlighted with Contains a JWT.
2) The JWT token comes after we login with correct UserID and Password. It does not show before we login into the page. Is this correct? Is this how it is supposed to be?
1- The extension detects whenever there is a JWT token either in the request or the response.
2- Yes, JWT tokens are usually used after authentication, in this case using a username and a password
My laptop says “AuthSdkError: The JWT was issued in the future”..
Can you please help me?
set the iat field of the JWT to a correct timestamp I guess.
I know am a little late but great video thank you very much well explained 🙏🤘
Never late, welcome!
nice content
Bro make a video on WAF bypass extension plzzz
very nice
Sorry, How add in burp in request JSON WEB TOKENS?
Take ❤️❤️❤️❤️
♥️
Bad token; invalid alg
Hi can you hack carrom pool gems and coins please
Nope, sorry!
Can you send me file carrom