Web - Server

Sunday 31 May 2020, 18:49  #1
Web - Server JWT - Revoked token
idea
idea
  • 7 posts

Help is needed. What to do?
The token is always blacklisted. In this case, the signature is validated. What to fix?

1) Need to get the value of the SECRET constant?
2) Can I somehow get into the blacklist?
3) Do using headers or pass through json?

Monday 1 June 2020, 09:00  #2
Web - Server JWT - Revoked token
prohk
prohk
  • 3 posts

I am also trapped in these problems,can manager give some hints?

Wednesday 3 June 2020, 14:27  #3
Web - Server JWT - Revoked token
idea
idea
  • 7 posts

HA-HA-HA-HA-HA-HA-HA-HA-HA-HA-HA-HA-HA-HA

What I just did not read during these 3 days)))))))))))))))))))))))))))))))))))))))

Wednesday 3 June 2020, 14:37  #4
Web - Server JWT - Revoked token
m31z0nyx
m31z0nyx
  • 394 posts

idea, if you don’t have any you may also stay quiet. Your post doesn’t help anyone…

others; have a look here

Wednesday 3 June 2020, 16:43  #5
Web - Server JWT - Revoked token
idea
idea
  • 7 posts

So no one helped me, I myself found ways in the open spaces of the forum. Others may do the same. )))
Have a nice day )))

Wednesday 3 June 2020, 17:18  #6
Web - Server JWT - Revoked token
JoshuaSign
JoshuaSign
  • 19 posts

idea,

The best hint is given by m31z0nyx :

« Read the code and watch what kind of data you are manipulating, RFC 4648 may help »

Maybe you should try Challenges/Steganography/Base-Jumper before this one.

Good Luck!

Monday 20 July 2020, 13:21  #7
Web - Server JWT - Revoked token
haider
haider
  • 1 posts

I need help please I tried everything, I dont know how to bypass blacklisting check what to modify in payload. I tied modifying jti but no luck. help me please, I completely new to the web security.

New reply New reply   New topic New topic