1 00:00:12,340 --> 00:00:14,900 Hey, guys, welcome back to another episode on How to Hack. 2 00:00:15,340 --> 00:00:22,270 So today we will be discussing JWT tokens, which are JSON Web Tokens, and they are primarily used 3 00:00:22,270 --> 00:00:23,440 for authentication. 4 00:00:23,440 --> 00:00:26,110 And there are certain common pitfalls that we have to watch out for. 5 00:00:26,710 --> 00:00:34,380 So over here, we have an introduction to JSON Web Tokens, which allow clients to indicate their identity 6 00:00:34,390 --> 00:00:36,910 in further exchanges after authentication. 7 00:00:37,360 --> 00:00:42,210 And of course, here we have the second tab as well on the structure of a JWT token. 8 00:00:42,220 --> 00:00:49,030 So a JWT token is basically Base64-encoded and consists of three main parts, which are the header, 9 00:00:49,390 --> 00:00:52,240 the claims, otherwise called the payload, as well as the signature. 10 00:00:52,420 --> 00:00:57,580 So in this case, we have, for example, over here, the JWT header, and we have "alg". 11 00:00:57,630 --> 00:01:03,840 So "alg" stands for the algorithm that we'll be using, and we have "typ", which is of course JSON 12 00:01:03,850 --> 00:01:05,710 Web Token, and we have the payload. 13 00:01:05,980 --> 00:01:11,380 So the payload is basically the information that we're putting in, so over here 14 00:01:11,380 --> 00:01:13,620 we have, for example, the "exp". 15 00:01:13,720 --> 00:01:15,430 We have a username, we have the scope. 16 00:01:15,430 --> 00:01:20,700 To determine, for example, certain specific roles that the user has on the website. 17 00:01:20,890 --> 00:01:21,190 All right. 18 00:01:21,190 --> 00:01:24,280 And many, many other different details and data that we can input. 19 00:01:24,760 --> 00:01:29,020 And of course, we have the encryption key, as well as the generated JWT token. 20 00:01:29,030 --> 00:01:30,010 So go in and click on it. 21 00:01:30,490 --> 00:01:32,230 And we have three key parts.
22 00:01:32,260 --> 00:01:33,730 So firstly we have the header. 23 00:01:33,760 --> 00:01:34,060 All right. 24 00:01:34,060 --> 00:01:42,240 And this is followed by a single full stop, followed by the payload, and then finally the signature. 25 00:01:42,520 --> 00:01:45,700 And of course, we have the full JWT token over here, as you can see. 26 00:01:46,210 --> 00:01:50,830 So, of course, you can easily change the encryption key to, say, "123456". 27 00:01:50,830 --> 00:01:55,980 Go ahead and click on "generate JWT token" and it will produce the signature. 28 00:01:56,020 --> 00:02:02,110 OK, so very quickly, we understand the structure of the JWT token, and you can easily make amendments, 29 00:02:02,110 --> 00:02:07,330 changes to both the header, the payload, as well as the encryption key. 30 00:02:07,560 --> 00:02:07,770 All right. 31 00:02:07,810 --> 00:02:12,380 So all of those can easily be changed: the structure and content of the values can be changed. 32 00:02:12,880 --> 00:02:15,640 And here we have the basic sequence, which is pretty straightforward. 33 00:02:15,650 --> 00:02:17,290 So you have the browser coming in. 34 00:02:17,440 --> 00:02:23,200 So it could be Google Chrome, Firefox, Safari, any browser from any operating system, which is then 35 00:02:23,200 --> 00:02:25,070 later connected to the web server. 36 00:02:25,450 --> 00:02:31,660 So the first step is, of course, the user posts data to the website using the login username as well 37 00:02:31,660 --> 00:02:36,370 as password, and that will create a JWT with a secret, exactly as what you saw earlier. 38 00:02:36,520 --> 00:02:36,780 All right. 39 00:02:36,790 --> 00:02:37,720 From the results. 40 00:02:38,020 --> 00:02:43,000 And this would return the JWT to the browser, which will be saved into your storage. 41 00:02:43,240 --> 00:02:44,170 And after that. 42 00:02:44,200 --> 00:02:44,500 All right.
43 00:02:44,500 --> 00:02:50,800 Send the JWT information to the server, and the server will check and verify the signature, verify the 44 00:02:50,800 --> 00:02:53,590 information and data, and respond to the client. 45 00:02:54,160 --> 00:02:55,120 So pretty straightforward. 46 00:02:55,330 --> 00:02:59,020 Six steps for us to actually go through the entire process. 47 00:02:59,170 --> 00:03:04,060 And of course, everything is done in a fraction of a second, and we'll learn about how to change those 48 00:03:04,060 --> 00:03:04,740 values. 49 00:03:05,320 --> 00:03:07,290 So going to item number four. 50 00:03:07,330 --> 00:03:09,130 OK, so we have JWT signing. 51 00:03:09,280 --> 00:03:09,550 All right. 52 00:03:09,560 --> 00:03:15,490 So it says over here each JWT token should at least be signed before sending it to a client. 53 00:03:15,550 --> 00:03:15,850 All right. 54 00:03:15,850 --> 00:03:16,760 So that's very important. 55 00:03:17,110 --> 00:03:23,170 So first of all, we have to verify the signature before performing any form of action, or else we can do 56 00:03:23,170 --> 00:03:23,820 a lot of things. 57 00:03:23,860 --> 00:03:27,700 So over here, again, we are going into the normal mode. 58 00:03:27,700 --> 00:03:32,110 What is normal, considered as part of the activity in the site, this site. 59 00:03:32,440 --> 00:03:33,250 So here we have: 60 00:03:33,250 --> 00:03:34,290 "Welcome back, guest." 61 00:03:34,340 --> 00:03:34,600 All right. 62 00:03:34,600 --> 00:03:39,760 So our assignment is to change the token you receive and become an admin user by changing the token, 63 00:03:39,910 --> 00:03:41,610 and once you're admin, reset the votes. 64 00:03:41,800 --> 00:03:46,780 OK, so we are guest right now, and we have "vote for your favorite": "Admin lost password", 65 00:03:47,020 --> 00:03:50,250 "Get it for free", "Vote for your favorite photo comment".
66 00:03:50,260 --> 00:03:56,100 So let's say we click onto the first tab, and it says that as a guest you're not allowed to vote. 67 00:03:56,110 --> 00:04:00,240 Please log in first, so we can go ahead and click onto the drop-down menu. 68 00:04:00,280 --> 00:04:04,360 Now we can look at all the users that we can authenticate as, so I can click on Tom. 69 00:04:05,000 --> 00:04:07,460 So once I click on Tom, we can see the number of votes. 70 00:04:07,510 --> 00:04:08,880 OK, so we've got one each. 71 00:04:09,250 --> 00:04:14,830 And if I click onto the first one, OK, and we can go in on the refresh button, I can click on the 72 00:04:14,830 --> 00:04:15,610 second one. 73 00:04:15,970 --> 00:04:20,210 And of course, based on the results, it seems like Tom has already voted. 74 00:04:20,680 --> 00:04:25,720 So if I click on Jerry, OK, if I click on Jerry again, we're seeing one vote each, so I can go ahead 75 00:04:25,720 --> 00:04:26,980 and click over here. 76 00:04:26,980 --> 00:04:31,370 For example, I can vote now, and we can scroll back down again and this becomes three votes. 77 00:04:31,420 --> 00:04:33,990 OK, so we can see all this different data. 78 00:04:34,000 --> 00:04:37,420 And of course, we're seeing that Jerry could vote multiple times. 79 00:04:37,870 --> 00:04:42,040 And of course, we also have several tabs, so we can go ahead and click on 80 00:04:42,040 --> 00:04:42,910 "Get it for free". 81 00:04:43,460 --> 00:04:47,680 And again, we can look at all these different details and data, or what's going on in the site. 82 00:04:48,490 --> 00:04:51,030 So what we're going to do next is actually on the right side. 83 00:04:51,430 --> 00:04:52,690 So there is this part called 84 00:04:53,410 --> 00:04:58,480 "Reset votes", so we can reset all the counters in all of the tabs, so go in and click on that. 85 00:04:59,110 --> 00:05:00,190 And it gives us a problem. 86 00:05:00,200 --> 00:05:03,270 It says only an admin user can reset the votes.
87 00:05:03,730 --> 00:05:07,540 So what we're going to do now is to go to the top right corner of your browser. 88 00:05:07,900 --> 00:05:09,670 And of course, in this case, we're on 89 00:05:10,180 --> 00:05:17,230 Firefox, and we can click on Web Developer and we can click on Storage Inspector. In the Storage 90 00:05:17,320 --> 00:05:19,330 Inspector, we can look at the session. 91 00:05:19,500 --> 00:05:23,070 OK, so over here we have cookie information and we have session. 92 00:05:23,260 --> 00:05:23,560 All right. 93 00:05:23,570 --> 00:05:29,640 So if I click onto, say, a change to Tom, all right, this would change, for example, the values 94 00:05:29,650 --> 00:05:30,790 of the access token. 95 00:05:31,180 --> 00:05:36,460 And if I change it to guest, that would remove the access token, as you can see from here. 96 00:05:36,850 --> 00:05:41,890 OK, so very, very quickly, we could understand how the access token is being issued by the 97 00:05:41,890 --> 00:05:44,950 web application system to the user, or to the browser. 98 00:05:45,730 --> 00:05:51,190 And what we can do next is we can click on Tom, for example, and we can go under the Network tab. 99 00:05:51,400 --> 00:05:53,810 So we're collecting data now, and delete it all. 100 00:05:54,370 --> 00:06:01,960 OK, so I'm going to click on "reset votes", click on that, and we have a "votings" request over here, so go 101 00:06:01,960 --> 00:06:05,220 ahead and click on it and it will show us more information about it. 102 00:06:05,680 --> 00:06:10,450 So we have the response and it says "lessonCompleted: false", and its feedback: 103 00:06:10,930 --> 00:06:13,810 "Only an admin user can reset the votes." 104 00:06:13,840 --> 00:06:16,870 OK, so we see those details and data over there. 105 00:06:16,930 --> 00:06:22,090 OK, so we can look at all these different details that have been sent to the site and so on, so we can 106 00:06:22,090 --> 00:06:22,290 go in.
107 00:06:22,390 --> 00:06:23,610 Right-click, Edit 108 00:06:23,620 --> 00:06:27,640 and Resend. OK, so over here we can look at the details. 109 00:06:27,970 --> 00:06:30,280 So we have the access token information. 110 00:06:30,460 --> 00:06:33,380 We have all these different data points that we can look at. 111 00:06:33,520 --> 00:06:39,220 So go ahead and copy the following, which is the access token; copy the information here. 112 00:06:39,670 --> 00:06:46,750 And we can go into this website, for example, base64 format, OK, so we can actually decode 113 00:06:46,750 --> 00:06:46,900 it. 114 00:06:46,900 --> 00:06:50,800 Click on Decode and we can actually paste the information here. 115 00:06:51,070 --> 00:06:55,360 And first of all, we will definitely need to be able to paste the data right here. 116 00:06:55,630 --> 00:06:58,180 OK, so I can go ahead and copy these details. 117 00:06:58,660 --> 00:07:04,600 All right, paste it here, click on Decode and we get the following results, which is, of course, 118 00:07:04,930 --> 00:07:08,680 the header information of the JWT. 119 00:07:08,680 --> 00:07:12,340 So here we have the algorithm HS512. 120 00:07:12,800 --> 00:07:19,840 OK, and of course if I go ahead and paste the second item over here, or we can copy everything in 121 00:07:19,870 --> 00:07:23,560 and we can paste it all in; copy and we can paste it all in. 122 00:07:23,590 --> 00:07:23,860 All right. 123 00:07:23,860 --> 00:07:28,420 So again, we are decoding all the information that we're getting from the cookies. 124 00:07:28,960 --> 00:07:30,220 So here we have the algorithm. 125 00:07:30,250 --> 00:07:32,260 Let me zoom in a little more so it's easier for you to see. 126 00:07:33,100 --> 00:07:35,530 So we have the algorithm HS512.
127 00:07:35,560 --> 00:07:43,810 We have "admin" is false and we have user Tom, OK, and then followed by the rest of it, which 128 00:07:43,810 --> 00:07:45,140 is the signature. 129 00:07:45,730 --> 00:07:51,580 So in this case, we understand the structure of what is being saved into the web application browser. 130 00:07:51,580 --> 00:07:56,800 So we are understanding what's being sent from the web application server to the browser and how it 131 00:07:56,800 --> 00:07:59,830 is being sent over into the web application system. 132 00:07:59,830 --> 00:08:03,080 And of course, in this case, we have admin as false. 133 00:08:03,280 --> 00:08:05,290 OK, so we need to change this. 134 00:08:05,530 --> 00:08:08,980 And at the same time, OK, there are certain things that we need to do as well. 135 00:08:09,220 --> 00:08:11,410 And that is, of course, trying to change the algorithm. 136 00:08:11,770 --> 00:08:18,010 OK, so there is a way for us to actually remove the algorithm entirely, which helps us also remove 137 00:08:18,070 --> 00:08:18,900 the signature. 138 00:08:19,270 --> 00:08:23,560 OK, so there will be another way for us to actually set those details and data. 139 00:08:23,860 --> 00:08:24,180 All right. 140 00:08:24,430 --> 00:08:31,200 So first of all, OK, we can go back over here and we can set the algorithm to "none", OK? 141 00:08:31,210 --> 00:08:37,450 And of course, we can see on the second step we have it, so I can right-click, copy, go back 142 00:08:37,450 --> 00:08:39,040 and paste the information here. 143 00:08:39,340 --> 00:08:41,630 And we have admin true and user Tom. 144 00:08:41,680 --> 00:08:45,880 So what I will do now is to actually encode it. 145 00:08:45,880 --> 00:08:49,200 So let's encode the first segment, which is algorithm "none". 146 00:08:49,210 --> 00:08:52,930 So go ahead and go back to the base64 decoder.
147 00:08:53,380 --> 00:09:00,520 Click on Encode, OK, and we can paste over here and click onto Encode, and this will produce the 148 00:09:00,520 --> 00:09:04,120 results in base64 format, so we can copy this. 149 00:09:04,660 --> 00:09:11,970 Go back to your favorite editor and we can paste the information, and put a single full stop. 150 00:09:12,010 --> 00:09:13,720 So this is to demarcate. 151 00:09:13,750 --> 00:09:14,020 All right. 152 00:09:14,020 --> 00:09:17,920 Or to add a delimiter before the payload. 153 00:09:17,980 --> 00:09:18,250 All right. 154 00:09:18,250 --> 00:09:23,710 So here we have, for example, over here we have the algorithm is "none", and we've got to copy this information 155 00:09:23,710 --> 00:09:24,000 here. 156 00:09:24,010 --> 00:09:24,640 Copy it. 157 00:09:25,450 --> 00:09:25,780 All right. 158 00:09:25,780 --> 00:09:27,940 Paste it into the base64 159 00:09:27,940 --> 00:09:35,040 encoder and click on Encode and we get the details, and we can copy the information from here. 160 00:09:35,440 --> 00:09:38,440 So you have to ignore the last two equals signs on it. 161 00:09:38,620 --> 00:09:38,970 All right. 162 00:09:38,980 --> 00:09:41,950 Go back to your favorite editor, paste the information. 163 00:09:41,950 --> 00:09:43,630 So we've got all the details right here. 164 00:09:44,020 --> 00:09:46,850 We can copy the details, go back to WebGoat. 165 00:09:47,050 --> 00:09:47,320 All right. 166 00:09:47,350 --> 00:09:53,500 We can pass the collection of data and do a right-click, Edit and Resend, which we are really doing 167 00:09:53,500 --> 00:09:53,800 now. 168 00:09:53,990 --> 00:09:59,230 OK, so we can delete away all of those inside the access token tab under cookies. 169 00:10:00,250 --> 00:10:00,540 All right. 170 00:10:00,550 --> 00:10:06,790 So once we do all of it, all we've got to do is place the information that we have now crafted to be sent 171 00:10:06,790 --> 00:10:08,320 over into the site.
172 00:10:08,320 --> 00:10:09,550 So go and do a right-click. 173 00:10:10,200 --> 00:10:12,090 Edit, followed by a full stop. 174 00:10:12,120 --> 00:10:15,470 OK, so remember to put a full stop; we need at least two full stops. 175 00:10:15,810 --> 00:10:18,600 All right, one for the header and one for the payload. 176 00:10:18,870 --> 00:10:22,610 So once you have all these details running, you can go ahead and click on Send. 177 00:10:23,340 --> 00:10:27,420 OK, so once it is sent, you can go ahead and click onto the details. 178 00:10:27,510 --> 00:10:27,860 All right. 179 00:10:27,870 --> 00:10:31,500 So we can look at the response and it says over here, "Congratulations. 180 00:10:31,830 --> 00:10:33,960 You have successfully completed the assignment." 181 00:10:33,970 --> 00:10:40,710 So we have made a reset in the database system to reset all of the vote counts. 182 00:10:40,710 --> 00:10:43,020 So you do a refresh again. 183 00:10:43,020 --> 00:10:46,080 We can do a reset immediately of all of the vote counts. 184 00:10:46,470 --> 00:10:49,590 So, once again, I hope you've learned something valuable in today's tutorial. 185 00:10:49,710 --> 00:10:53,760 And if you like what you just watched, remember to like, share and subscribe to the channel so that you 186 00:10:53,760 --> 00:10:56,490 can be kept abreast of the latest cyber security tutorials. 187 00:10:56,580 --> 00:10:57,960 Thank you so much once again for watching.
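The token handling shown in the video, as an added example that is not part of the transcript, the WebGoat lesson, or its server code: it decodes a compact JWT, forges the `alg: none` token with `admin: true` and an empty signature exactly as the manual base64 steps above do, and then runs it through two verifiers. `verify_vulnerable` obeys whatever `alg` the client put in the header, which is the pitfall the lesson exploits; `verify_hardened` pins HS512 server-side and always checks the HMAC with a constant-time compare. The secret `123456`, the claims `{"admin": false, "user": "Tom"}`, and all function names are constructed for this example; the real WebGoat server is Java, and its claim set and key are not reproduced here.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample secret for this added example; not WebGoat's real key.
# The video types "123456" into the demo generator, so the same value is used here.
SECRET = b"123456"


def b64url_encode(raw):
    """base64url with the trailing '=' padding stripped, which is what JWT uses
    (the video drops the '==' by hand after a plain base64 encode)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    """Re-add the padding the token stripped before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_jwt(token):
    """Split header.payload.signature and decode the JSON parts. No verification here."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (
        json.loads(b64url_decode(header_b64)),
        json.loads(b64url_decode(payload_b64)),
        b64url_decode(sig_b64),
    )


def _signing_input(header, payload):
    """The 'header.payload' string both the signer and the verifier MAC over."""
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{h}.{p}"


def sign_hs512(payload, secret):
    """Issue a token the way the lesson's server does: HMAC-SHA512 over header.payload."""
    signing_input = _signing_input({"alg": "HS512"}, payload)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def forge_alg_none(token, **changes):
    """The attack from the video: keep the payload, flip the claims, set alg to
    'none' and leave the third segment empty (two dots, nothing after the last)."""
    header, payload, _ = decode_jwt(token)
    header = dict(header, alg="none")
    payload = dict(payload, **changes)
    return _signing_input(header, payload) + "."


def _mac_matches(token, sig, secret):
    signing_input = token.rsplit(".", 1)[0]
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()
    return hmac.compare_digest(sig, expected)


def verify_vulnerable(token, secret):
    """Trusts the alg the client sent. 'none' means 'do not check', so the
    forged token is accepted with whatever claims the attacker wrote."""
    header, payload, sig = decode_jwt(token)
    alg = str(header.get("alg", "")).lower()
    if alg == "none":
        return payload
    if alg == "hs512" and _mac_matches(token, sig, secret):
        return payload
    raise ValueError("bad signature")


def verify_hardened(token, secret):
    """Pins the algorithm server-side and always checks the MAC. The header's
    alg is only compared against the expected value, never used to choose a path."""
    header, payload, sig = decode_jwt(token)
    if header.get("alg") != "HS512":
        raise ValueError("unexpected alg")
    if not _mac_matches(token, sig, secret):
        raise ValueError("bad signature")
    return payload


def can_reset_votes(verifier, token, secret):
    """The lesson's authorisation check: only a verified admin claim passes."""
    try:
        return verifier(token, secret).get("admin") is True
    except ValueError:
        return False


if __name__ == "__main__":
    issued = sign_hs512({"admin": False, "user": "Tom"}, SECRET)
    forged = forge_alg_none(issued, admin=True)
    print("forged token:", forged)
    print("vulnerable verifier lets admin reset:", can_reset_votes(verify_vulnerable, forged, SECRET))
    print("hardened verifier lets admin reset:", can_reset_votes(verify_hardened, forged, SECRET))
```

The practical check when reviewing a real service is whether its verify call takes the algorithm from the token or from server configuration. Any verifier that dispatches on the header's `alg` (or accepts `none` at all) is open to the two-dot token above, regardless of how strong the HS512 secret is; the fix is to hard-code the expected algorithm and reject everything else before looking at the claims.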