added reminder to JWT None algorithm bypass

This commit is contained in:
Stefan Friese 2023-03-08 18:21:36 +01:00
parent 9cd859fa25
commit 5f83ee9efd
1 changed files with 2 additions and 0 deletions

View File

@ -32,6 +32,8 @@ eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K
``` ```
__Remember to include the `.` at the end even if there is no signature
## Brute Force ## Brute Force
```python ```python
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret) HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)