Hi, how are you la lala. Let’s cut short all that…

I just want to cover a noob’s guide for basic json web token testing. Please note that this is not the only potential JSON analysis method. For more attack vectors, do have a look at https://github.com/DontPanicO/jwtXploiter

JSON web tokens are mostly used for authorization and exchange of data securely.

In a nutshell, JSON Web Tokens has three parts separated by dots (.), which are:

• Header
• Payload
• Signature

You can go to jwt.io to play along.

One example JSON web token :

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

3 parts are separated with . and…

First of all, with TOOTB , I meant “think out of the box”. Don’t get confused haha.

Also lets keep all writeups from now on simple and short shall we? Or you like the stories also which I made long back!!

WHATSAPP:

Recently it had some privacy policy changes, so just thought i should just post about this then anyways.

Bug: Shadow viewing another users’ status updates while having set your read receipt ”disabled”. (In some cases.)

According to the app’s usage, switching off the Read Receipts for messages does not let you know if the person has read your message…

I was full of self doubt whether to jump into something weird as this project. But then I decided to plunge into it. At least I will learning something new from this . I maybe stupid, but at least I stood up for my idea.

I always wanted to start an initiative where we could easily facilitate and include the general population and make then partners in fighting spam and improving security.

Around this time, I got further attracted to the idea of helping out bloggers. The vast majority of internet is run by small bloggers. The lone incentive and…

Sharing hints only walkthrough of ctf challenges made by ctfchallenge(dot)co.uk.

You may want to head over to the site for learning if you are want to explore the field of web security.

Why just hints?

• Because you only will need that. (You can go to the site for more hints)
• Ldl Model
• MY new policy of max skill dev in min time.

VulnBegin has been skipped because a step by step walkthrough is available on the site itself.

Vulnltd

f1 go to robots.txt to get flag.

f2 go to robots.txt

secret login dir given.

Go there, see the documentation.

guest…

I have conceptualised a new way of writing wherein I will include only the absolute bare minimum soutions for understanding and not give any explanation and also not put any screenshots. You may ask why I am doing so? Because I am in lack of time; detailed writeups are already available and I just want to make an entry of my work here. :)

Natas is the best web ctf for beginners. Ensure you have some knowledge of php,sql, html, css,py etc before starting. Dont’ be frustrated later.

l0

1. Login with the user, pass provided .
2. view page source to…

For some time, I was having severe neck pain, eye strain etc. The neck was also causing headache and dizzy feeling. I know of many people who are putting out many hours staring at terminals, using Burpsuite for continuous long hours. Keep all this in mind, I had a idea of how I may help other deal with such issues.

TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work productivity. We know how much health is important. …

Of late, I see a lot of newbie bug hunters and security enthusiasts joining Infosec twitter and it pains to see their failure stories in timeline.

I have gone through stress, depression and failure from not finding any security bugs at some or the other point in time and continue to have them occasionally .

I did a self realisation cum analysis today and have come to some conclusions. You are free not to agree with all my views. I will be excited to know your take in the comments.

Most people come into bug bounties due to :

1. Money…

Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark, type on the url bar and have fuss with autocomplete problems.

It is Chrome extension for Instant access to you bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytip