In this video, we explore the JWK Header Injection vulnerability and how it can be used to bypass authentication. You'll learn how attackers exploit this JSON Web Token (JWT) flaw by creating their own signing key, potentially gaining unauthorized access.
My Blog: https://medusa0xf.medium.com/
Social media:
Twitter: https://twitter.com/medusa_0xf
Discord: https://discord.com/invite/2PUPD3RHHs
Introduction: 0:00
JWT and Structure: 0:28
Public and Private Key: 3:15
JWK header injection: 4:57
Lab: 5:43
Outro: 8:45