Learn about JWT if you want to Bypass Auth
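JSON Web Token (JWT) is a JSON-based token format used for authentication and authorization. It consists of three parts: a header (containing metadata), a payload (containing claims), and a signature (used for verification). It is widely used in web development to transmit information securely. 2025-8-1 04:4:50 Author: infosecwriteups.com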

Mr Horbio

This article describes the JWT token: how JWT helps in authentication, and how to use JWT.

Hi Hacker

this side. Today, I have an interesting topic for discussion. Whether you are a hacker or a developer, it is necessary for all.

Let’s learn about JWT tokens.

JWT stands for JSON Web Token, and it is defined in RFC 7519. It is a token format used to assert claims between two parties, commonly used in:

  • Authentication
  • Authorization
  • Information Exchange

Structure of a JWT:

A JWT consists of 3 parts, separated by dots (.):


eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
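
The sample token above, split on its dots and base64url-decoded, followed by an HS256 signature check. This is an added example, not code from the original article; `DEMO_KEY` and the function names are constructed for illustration, and because the page does not give the key that signed its sample token, the signature check is shown on a token signed here.

```python
import base64, hashlib, hmac, json

# Sample token shown on this page.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0."
              "KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30")
DEMO_KEY = b"constructed-demo-key-not-from-the-page"  # assumption: constructed sample key

def b64url_decode(part: str) -> bytes:
    # JWT parts are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def split_jwt(token: str):
    """Return (header, payload, signature_bytes). Decoding only, nothing is verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a signed JWT has exactly three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload only if alg is HS256 and the HMAC over header.payload matches."""
    header, payload, sig = split_jwt(token)
    if header.get("alg") != "HS256":  # the verifier fixes the algorithm, not the token
        raise ValueError("unexpected alg")
    signing_input = token.rsplit(".", 1)[0].encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return payload

if __name__ == "__main__":
    print(split_jwt(PAGE_TOKEN)[:2])
    print(verify_hs256(sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "123456"}, DEMO_KEY), DEMO_KEY))
```

The header and payload decode without any key, so they are readable by anyone holding the token; only the signature check ties them to the issuer.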

1. Header

  • Contains metadata about the token, typically the type (JWT) and the signing algorithm used (HS256, RS256, etc.).
{
"alg" : "HS256",
"typ" : "JWT"
}

2. Payload

  • Contains the claims: statements about the user and additional data.
{
"sub":"123456",
"name":"John…

Article source: https://infosecwriteups.com/learn-about-jwt-if-you-want-to-bypass-authentication-4f9ea587a786?source=rss----7b722bfd1b8d--bug_bounty