JWT Attack Lab — Part 4: Cracking a Weak HMAC Secret With Hashcat
Part 4 of a series building a Flask API with JWT authentication, then deliberately exploiting six real vulnerabilities in it.
Part 3 fixed the alg: none bypass by explicitly restricting which algorith
quietbytes.hashnode.dev4 min read