ATTACKING JWT FOR BEGINNERS!

  • Published 20 Oct 2024

COMMENTS • 207

  • @FarahHawa 4 years ago +38

    The burp extension, code to change the signature and the lab which was used are all linked in the description!

    • @kunalraut1689 3 years ago

      But what if the server doesn't accept the request made to it having the Symmetric Algorithm (parameter), or doesn't accept any altered requests and just neglects it? Then it's of no use for us to alter the 'alg' to something else, and we have to deal with it the way it expects (Asymmetric Algorithm)?
      And btw, well explained! Thank you.

  • @afifmalghani755 4 years ago +27

    Once again, the best beginner friendly content out there. Keep it up.

  • @MattiaCampagnano 4 years ago +6

    As a pentester, I tell you, girl, you rock. Well done, keep up the good work!

  • @jatindersingh7047 7 months ago

    Just wanted to drop some appreciation your way! Your content has been an absolute lifesaver for beginners diving into the world of cybersecurity. I would love to see more videos on web vulnerabilities and diving deeper into those crucial interview questions which are not very common, but frequently asked in the interview. Keep up the fantastic work! :)

  • @manikgoenka8720 4 years ago

    Just randomly crashed into this channel yesterday and now I am a subscriber... you are doing a great job Farah... looking forward to exploring this field.

  • @thecoder7984 3 years ago

    Farah, you are a role model and an example for millions of Indian women.👍👍👍

  • @adryelgainza1686 2 years ago

    Awesome! Lots of videos showed how to do it but they did not explain the vulnerability like you. Thank you!

  • @yrks1109 4 years ago

    Just don't stop these kinds of videos about cyber security. As a beginner myself I rely on YouTube for gathering 98% of my knowledge, so thanks for giving us a video like this! Keep it going! 👍👍🔥

  • @monishpalanikumar 4 years ago +3

    You've given a precise and beginner friendly tutorial... thank you so much, Farah! 🤗

  • @shwetakalkhair1206 4 years ago +1

    I'm currently doing a project in my office... they're using JWT... this was actually helpful for testing JWTs... thank u 🙂

  • @corporatemurrell 4 years ago +1

    What an amazing video! Great music and sound effects, superb graphics and editing, fresh technical content in a bite sized package, and such a pleasant voice. You're setting the bar really high, and I hope you continue to do so! Good job!

  • @whitehat3937 4 years ago +4

    Hi, please don't stop making videos. You are doing a great job. I want Indian women to also be a part of this community 🙂

  • @yajusgakhar6969 2 years ago

    Thanks to you I could complete a challenge that had been bothering me. Cheers!

  • @haksting 4 years ago +1

    10/10
    Awesome quality of video
    Very informative
    Nice editing
    👍

  • @himanshushah9471 4 years ago +1

    Please make a video on a beginner guide to cybersecurity/ethical hacking and all stuff like scope, career, programming languages, basics, certification, what to learn and where, resources, etc...

  • @Unhacker 2 years ago

    Good stuff, one of the better JWT hacker vids. Another interesting angle to explore is JWTs as an injection/RCE vector, completely outside the context of bypassing authentication. Good times.

  • @jissjose1382 4 years ago

    The best video 👌 out there. Looking forward to more attacks and content from you..

  • @mal0931 2 years ago

    Very good vid, this helped me complete a Hack The Box, very good explanation too.

  • @erezlevi5411 3 years ago +1

    That's really really helpful and easy to understand! Thank you!

  • @ElektroDrrrEL 4 years ago

    content is super high quality - thank you, Farah!

  • @AasdKareemKorejo 3 years ago

    Thank you Farah for these useful videos, but please also suggest to us what the recommended way to use it is.

  • @Abiishek 4 years ago +2

    Welcome Back 🙌
    Stay positive!!

  • @raanonyms7926 4 years ago

    wow, you are doing awesome. please keep on posting such walkthrough.

  • @comedybuzz6629 4 years ago +1

    please create a video on how to set up burp suite with android and intercept
    loved this video :)

  • @pastryelite1440 4 years ago

    Nice video with Great Explanation... looking forward to watch more videos....🥳

  • @sameerkeeran9679 3 years ago +1

    I love you and your teaching ❤️👍🙏

  • @tirtheshpawar1020 4 years ago

    One humble request, please try and make a full playlist covering bug bounty hunting concepts with attacks. It can be a series of videos, maybe 1-2 videos per week. You pitch your content really well. God bless you!

  • @apnimashoori2762 4 years ago +1

    How to find the HS256 key?

  • @amishmane 4 years ago

    Thanks Farah. Just a suggestion that a zoomed coding screen would really be helpful.

  • @AryanPant2004 10 months ago

    Thank you, thank you, thank you, ma'am. Please keep on teaching.

  • @darshanjogi5781 4 years ago

    Useful video, please make a full playlist on how to use Burp Suite. I think you explain it better than others.

  • @kamar1380 4 years ago +1

    Again, thanks for this awesome video...👍
    Pls don't stop making such awesome videos..

  • @jashan8636 4 years ago +1

    You're the best. I'm a beginner in cybersecurity and I was wondering if anyone could help me with where to start. Your videos gave me some direction. Carry on 👍👍👍

  • @fypage. 4 years ago

    You're way more interesting than most teachers, probably because you're so young. I would expect you to know much, so that's good.

  • @urrahman196 4 years ago

    Great tutorial, I must say. Could you please make a guideline-type or learning-path-type video to start in the cybersecurity field? What are the topics and which resources should one follow as a beginner? Thanks

  • @techrims3908 4 years ago +1

    Really Great Information Farah Didi | Thank You So Much | 💝🙏💌

  • @pranayhusukale2666 4 years ago +1

    Explanation is top notch.

  • @fenilfaldu8740 3 years ago +1

    I love your content, but can you make a video on nftoken

  • @PavanKumar-hd2cf 2 years ago

    Thank you so much for clear explanation.. 😊👍

  • @rohitblaze9015 4 years ago

    Your video is really good for beginner but can you go a little slow and a bit more description? Then it would be perfect.

  • @theprateekmahajan 4 years ago

    Hey Farah,
    Great of you. Would you make a video on your journey till today for the very beginners who want to kickstart their career?

  • @hackerproxy19 4 years ago

    Hello Farah, make a video (Subdomain Takeover Attack). I'm waiting for your next video.

  • @haskellscript 1 year ago

    Great content. I've noticed that you blink a lot on this vid. As a suggestion it'd be nice to bring a vid about the tools you use/like/recommend like the one on this vid.

  • @gilbertolopez5894 4 years ago

    Thanks for dedicating content for beginners !! You are my hero, I want to be just like you when I grow up :)

  • @urssaf343 1 year ago

    Said scenarios are not realistic in production. Who implements JWT and doesn't verify the signature?

  • @czemuklown 2 years ago

    Hello, you helped me with a CTF tournament. Thank you very much, love ya.

  • @viveksdf 4 years ago

    Hello Farah, great video. I would love to watch more of this kind of content, and a video on how you started in this field, a journey video, would be great.

  • @tahan1tonmoy 4 years ago

    Very basic attacks but nicely explained 👍

  • @MehediHasan-rc1lo 4 years ago

    "No such file or directory: 'public.pem'" error generated from your script. How can I solve this error?

  • @vijaySingle143 3 years ago

    Huge respect Farah , thank you .

  • @ZaidKhan-nk7xr 4 years ago

    Please make a tutorial on Burp Suite

  • @alexmridul2403 3 years ago

    It's great
    Really OP
    I love the way you teach

  • @roshanrajkumar7827 3 years ago

    Amazing... but it's too fast... I've got a few doubts... how can I contact you?

  • @ilyasayusuf5447 3 years ago

    Is the header really important?
    I mean, why would they show the attacker the alg they are using?
    Maybe make the signature unpredictable like this?
    hs256(bs64url(fakeheader)+secretkey+bs64url(body)+bs64url(secretkey),secretkey);
    Am I doing it better, or is it bad practice?
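
As an added example, not code from the video or from any commenter: a stdlib-only Python HS256 verifier that takes the defender's side of the question above. Rather than hiding the header or mixing the secret into the signed data, the server pins the algorithm and key it issues tokens with and refuses any token whose header claims something else, which is what closes the 'alg' switching discussed in these comments. `SERVER_SECRET` and the key-like string in the test are constructed values; `sign_hs256` and `verify` are names chosen for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real service loads this from a secrets store.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"
# The server decides the algorithm once, at configuration time, not per token.
EXPECTED_ALG = "HS256"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_hs256(payload: dict, key: bytes, header: Optional[dict] = None) -> str:
    """Issue an HS256 token; `header` is overridable only so tests can build bad tokens."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify(token: str, key: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the payload if `token` is valid under the pinned algorithm, else None.

    The header's 'alg' is compared against EXPECTED_ALG but never used to choose
    the algorithm or the key, so a header claiming RS256 (or anything else)
    cannot redirect verification to a different code path.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        given_sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_sig):  # constant-time compare
        return None
    return json.loads(b64url_decode(payload_b64))
```

The same pinning applies to an RS256 deployment: the verifier loads its public key and fixes the algorithm, and a token whose header says HS256 is rejected before any key material is touched.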

  • @mr_ehmed 4 years ago

    I am not able to modify the token through the JSON Web Tokens extension :/

  • @danielgrunberger2621 4 years ago

    I absolutely love ur videos !! Greets from Brazil

  • @bheeshamkumar1186 4 years ago

    Thanks for video it is really nice and simple to learn. Keep it up...

  • @sharathputta1703 4 years ago

    Please continue to post new things you are learning. I could see interesting stuff in your channel. please keep on post new things

  • @surajagarwal3561 4 years ago +1

    Plz make some tutorials for dummies also, plz. I don't know which platform you are working on.

  • @matitanium 2 years ago

    How can I export the public key in .pem format from the webpage? Pls answer.

  • @dhruvkandpal9909 4 years ago

    Great job! Really learning a lot out here. Keep up the good work! Happy hacking!

  • @mscor4ever139 3 years ago

    great work , you deserve the best

  • @hassan12141 4 years ago

    Great content, but
    why don't you upload videos regularly?

  • @bharathpatel1757 4 years ago

    Thanks for this. And really, it's helping me a lot as a beginner.

  • @we_the_people_of_kashmir3534 4 years ago

    Hey Farah. New subscriber to your channel. I just started cybersecurity and CEH. Where should I start from? Any suggestions please

  • @LexiLominite 2 years ago

    May I know what video editor you use?

  • @MdSajid-fb9ul 4 years ago

    Explained very well. Hats off

  • @anuragbhoir8516 4 years ago

    Well this is very helpful ❤️ thank you and waiting for your next video

  • @souhaillepacifique7572 4 years ago

    Great video thank you 💝🇲🇦 following you from Morocco ✌ keep it up

  • @asnyeamin5766 4 years ago +1

    This video is really beginner friendly...❤
    Already feels like I became a hacker.. haha
    But can you please add subtitles in your videos? That will be really helpful..
    And thanks a lot..

  • @slbpriank91 4 years ago

    You are a legend! Hopefully one day I can be good and work together with you.

  • @reallyunnecessaryuser 3 years ago

    Hey, I have a question. What do you do when you find a site using HS256 algo, do you suggest them to go for RS256 or just let it be?

  • @angeldev96 4 years ago

    I love your content, we learn a lot from people like you.
    Hope to be a great bug hunter someday ^^

  • @meljithpereira5532 3 years ago +1

    Make more videos, Farah

  • @SahilKumar-ww7xn 4 years ago

    All right, but can you tell me how to change the token manually, plz, because we don't have the option which you used in your Burp Suite. Thank you

    • @FarahHawa 4 years ago

      You can download the extension. I have mentioned the link for it in the description.

    • @SahilKumar-ww7xn 4 years ago

      @@FarahHawa but how do we add it to Burp Suite in Kali Linux?

    • @FarahHawa 4 years ago

      @@SahilKumar-ww7xn Use the Extender tab

    • @SahilKumar-ww7xn 4 years ago

      @@FarahHawa Thanks a lot. Waiting for the next video 😍🤟

  • @DheerajMadhukar 4 years ago

    Do we need to get the PEM file somehow, or do we need to generate it manually?

  • @aayushgoel284 4 years ago

    How do you get the public.pem?

  • @simranpreetsingh5502 4 years ago

    Hi Farah, that was an amazing video! Just out of curiosity, is there a way we can know how session IDs are generated, by bruteforcing or any other means? Any help around this would be helpful! Thanks much :D

  • @b3ast407 4 years ago

    Thanks Farah!! Learnt something new

  • @ThePomelo09 4 years ago

    Ty +1 subscriber! Hi from Argentina.

  • @martinosaidimussa5813 4 years ago

    I really enjoyed your stuff, stay positive

  • @gamebuzz723 4 years ago

    you explained very precisely

  • @sail6114 4 years ago

    Good one, finally I understood the concept 👍

  • @swapnilpawar2311 4 years ago

    Simple Explanation, Good video

  • @muhammedsillah111 4 years ago

    keep up the good work really love the video

  • @feynman8692 4 years ago

    Thanks ma'am, this helped a lot 👍 plzz make such videos and ignore false comments, we badly want your help and videos 🙏

  • @IdrisKhan7 4 years ago

    Hi Farah, I'm a beginner to Burp Suite. How did you get the JSON Web Token tab in your intercept?

    • @IdrisKhan7 4 years ago

      Ok I found it in the description, will try that

  • @saibaba7649 4 years ago

    Sister, I didn't get it fully, but still I'll try doing this. Thanks 😊

  • @alialmasslmany5240 4 years ago

    thank you so much farah

  • @URKCS-hj9xe 3 years ago

    Hi, Please tell me how to get "/tmp/public.pem" which you mentioned in 5:00 min.

    • @crocheteur3290 3 years ago +1

      4:29 - She copied the text to save it in a file named public.pem

  • @parthibanakt7090 2 years ago

    Great and simple..!

  • @Status_Zones. 4 years ago

    Nice video! At last some hope... that I can also find bugs..

  • @alexmridul2403 3 years ago

    Yeah
    That's what a content creator

  • @ishanpatel8386 3 years ago

    Hey Farah, I hope you're doing well. I just wanted to ask one small thing which is confusing me. JWTs are used for "authorisation", which means after we're logged in it is used to check if we're the same user who logged in via "authentication". So my question is, you used "JWT authentication" in your thumbnail, but JWTs are used for authorisation. I just want you to clear this confusion, because I think I'm missing something.

  • @baravind719 3 years ago

    What if we have HS256?

  • @mohamedfahim3230 4 years ago

    @farah hawa how did you put the JSON Web Tokens tab inside the Repeater tab?

    • @FarahHawa 4 years ago +1

      Mohamed Fahim through the extension mentioned in the description. If it detects a JWT, the tab will automatically appear

    • @mohamedfahim3230 4 years ago

      @@FarahHawa ha, thanks. I noticed a response and, as you said, it appeared.
      If the payload has an id with some random values
      and other parameters, is it possible to be vulnerable?

  • @suchomir4493 2 years ago

    Hello, you are amazing, I do CTF 153+1 with you!!! Many greetings from Poland!

  • @avyanshnamdeo6794 4 years ago

    How can I get started with bug bounty? Please tell

  • @amansanghai1201 4 years ago

    Hey, are you doing all this in Windows or in Linux? It seems like you're using Windows.

  • @niteshmore255 4 years ago

    OWASP ZAP or Burp Suite is good to be na show thread website