Today I Learned - Rocky Kev

TIL a JWT decoder and how it works

JWTs (JSON Web Tokens) are essentially just JSON objects that are hashed.

This site can decode it, while also teaching you about it.

But to explain it some more:

  1. You're given a hash.

  2. Inside the hash is a header (to explain the algorithm and the type).

  3. Also included is the payload.

  4. There is also a secret handshake code.

  5. Put all that together, and you've got a pretty neat way to send secure tokens back and forth.
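
The five steps above as an added Node.js example (not code from the original post or from the decoder site): the header and payload are base64url-encoded JSON that anyone can read without a key, and for an HS256 token the "secret handshake code" is an HMAC-SHA256 over `header.payload`. The function names, the secret and the claims are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');
const hmac = (secret, input) => createHmac('sha256', secret).update(input).digest();

// Build a token so the example runs offline (constructed sample, not a real credential).
function signHS256(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(hmac(secret, signingInput))}`;
}

// Decoding needs no secret: header and payload are only base64url-encoded JSON.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return {
    header: JSON.parse(fromB64url(parts[0]).toString('utf8')),
    payload: JSON.parse(fromB64url(parts[1]).toString('utf8')),
    signingInput: `${parts[0]}.${parts[1]}`,
    signature: fromB64url(parts[2]),
  };
}

// Verification recomputes the HMAC with the shared secret and compares in constant time.
function verifyHS256(token, secret) {
  const { header, payload, signingInput, signature } = decodeJwt(token);
  // Pin the expected algorithm instead of trusting whatever the header claims.
  if (header.alg !== 'HS256') return { valid: false, reason: 'unexpected alg' };
  const expected = hmac(secret, signingInput);
  if (signature.length !== expected.length || !timingSafeEqual(signature, expected)) {
    return { valid: false, reason: 'bad signature' };
  }
  return { valid: true, payload };
}

const SECRET = 'constructed-demo-secret';
const token = signHS256({ sub: 'user-123', role: 'reader' }, SECRET);

// Same header and signature, different payload: it still decodes, but must not verify.
const [h, , s] = token.split('.');
const tampered = `${h}.${b64url(JSON.stringify({ sub: 'user-123', role: 'admin' }))}.${s}`;

console.log('decoded without secret:', decodeJwt(token).payload);
console.log('original verifies:', verifyHS256(token, SECRET).valid);
console.log('tampered verifies:', verifyHS256(tampered, SECRET).valid);
```

Because decoding works without the secret, nothing confidential belongs in the payload, and a server should only act on claims after the signature check passes.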

