A7: 2021 | JWT Tokens (4) | Cycubix Docs

Decoding a JWT token

Let’s try decoding a JWT token. For this you can use the JWT functionality inside WebWolf. Given the following token:

eyJhbGciOiJIUzI1NiJ9.ew0KICAiYXV0aG9yaXRpZXMiIDogWyAiUk9MRV9BRE1JTiIsICJST0xFX1VTRVIiIF0sDQogICJjbGllbnRfaWQiIDogIm15LWNsaWVudC13aXRoLXNlY3JldCIsDQogICJleHAiIDogMTYwNzA5OTYwOCwNCiAgImp0aSIgOiAiOWJjOTJhNDQtMGIxYS00YzVlLWJlNzAtZGE1MjA3NWI5YTg0IiwNCiAgInNjb3BlIiA6IFsgInJlYWQiLCAid3JpdGUiIF0sDQogICJ1c2VyX25hbWUiIDogInVzZXIiDQp9.9lYaULTuoIDJ86-zKDSntJQyHPpJ2mZAbnWRfel99iI

Copy and paste the token and decode it. Can you find the user inside the token?

Solution

  • The exercise requires us to use the JWT functionality within WebWolf. We could also use JWT

  • Copy the given token, and open WebWolf. Go into the JWT tab. Paste the token.

  • Copy the user name and paste it into the WebGoat exercise.
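The same decoding can be done by hand, which shows that the header and payload are only base64url-encoded, so anyone holding the token can read its claims without the signing key. This is an added example, not WebWolf's or WebGoat's code; the function names `b64url_decode`, `decode_unverified` and `is_expired` are hypothetical, and the token is the one from the exercise above.

```python
import base64
import json
import time

# Token copied verbatim from the exercise text above.
TOKEN = "eyJhbGciOiJIUzI1NiJ9.ew0KICAiYXV0aG9yaXRpZXMiIDogWyAiUk9MRV9BRE1JTiIsICJST0xFX1VTRVIiIF0sDQogICJjbGllbnRfaWQiIDogIm15LWNsaWVudC13aXRoLXNlY3JldCIsDQogICJleHAiIDogMTYwNzA5OTYwOCwNCiAgImp0aSIgOiAiOWJjOTJhNDQtMGIxYS00YzVlLWJlNzAtZGE1MjA3NWI5YTg0IiwNCiAgInNjb3BlIiA6IFsgInJlYWQiLCAid3JpdGUiIF0sDQogICJ1c2VyX25hbWUiIDogInVzZXIiDQp9.9lYaULTuoIDJ86-zKDSntJQyHPpJ2mZAbnWRfel99iI"


def b64url_decode(segment: str) -> bytes:
    """Decode one JWT segment. JWTs strip the '=' padding, so restore it."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def decode_unverified(token: str):
    """Return (header, claims, signature) WITHOUT checking the signature.

    Use this for inspection only; never make an authorization decision
    from claims whose signature has not been verified.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three segments: header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"malformed JWT segment: {exc}") from exc
    return header, claims, signature


def is_expired(claims: dict, now: float) -> bool:
    """True when the 'exp' claim (seconds since the epoch) is in the past."""
    exp = claims.get("exp")
    return exp is not None and now >= exp


if __name__ == "__main__":
    header, claims, signature = decode_unverified(TOKEN)
    print("header:   ", header)
    print("claims:   ", json.dumps(claims, indent=2))
    print("signature:", len(signature), "bytes (not verified here)")
    print("expired:  ", is_expired(claims, time.time()))
```
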
