Web - Server
Sunday 31 May 2020, 18:49 #1
Web - Server JWT - Revoked token
Help is needed. What to do?
The token is always blacklisted. In this case, the signature is validated. What to fix?
1) Need to get the value of the SECRET constant?
2) Can I somehow get into the blacklist?
3) Do using headers or pass through json?
Wednesday 3 June 2020, 17:18 #6
Web - Server JWT - Revoked token
idea,
The best hint is given by m31z0nyx :
« Read the code and watch what kind of data you are manipulating, RFC 4648 may help »
Maybe you should try Challenges/Steganography/Base-Jumper before this one.
Good Luck!