As more sites provide client API access, JWT are commonly used for authentication. These tokens hold identity and claims information tied to the resources the user is granted access to on the target site. Web-penetration testers need to read these tokens and determine their strength. Fortunately, there are some handy plugins that make working with JWT tokens inside of Burp much easier. We will learn about these plugins in this recipe.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Getting Started with Burp Suite
- Getting to Know the Burp Suite of Tools
- Configuring, Spidering, Scanning, and Reporting with Burp
- Assessing Authentication Schemes
- Assessing Authorization Checks
- Assessing Session Management Mechanisms
- Assessing Business Logic
- Evaluating Input Validation Checks
- Attacking the Client
- Working with Burp Macros and Extensions
- Implementing Advanced Topic Attacks
- Other Books You May Enjoy
Working with JWT
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.