Hi! My name is Hashar Mujahid. I am a security researcher and a penetration tester. This blog is part 2 of the comprehensive exploitation of JSON web tokens. I recommend you to read the first part of…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

This post explains the concept of JSON Web Tokens (JWT), specifically focusing on the explanation and exploitation of JWT header parameters such as JWK and JKU. It provides examples and discusses techniques for exploiting these parameters.

JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x02)

SELF SIGNED JWT WITH JKU HEADER INJECTION: