As we see, we have a website that uses a JWT.

Now let's try to log in.

Now hit login.

As we see, we are logged in as the user wiener. Now let's intercept the request with Burp Suite.

As we see, the JWT Editor extension flagged this request as containing a JWT. Now let's send it to Repeater.

As we see, the JWT Editor shows the sub claim, which contains the username of the currently logged-in user.

In this challenge, simply changing the username to admin will not work, because the server checks the signature.

Now let's try to set the signature to none.

As we see, setting the signature to none changed the algorithm to none, and our JWT now contains only two of its three sections. So let's change the sub to administrator and send the request.

Now we get the admin panel, so let's change the endpoint of the request to /admin.

Now let's open the request in the browser to delete the user carlos.
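To make clear why the alg:none token above is accepted, and what the fix looks like on the server side, here is an added example (my own code, not the lab's or PortSwigger's). It implements a minimal HS256 verifier twice: `verify_flawed` mirrors the lab's bug by trusting whatever algorithm the token's header declares, and `verify_hardened` lets the server decide the allowed algorithm and refuses tokens with an empty signature section. The secret key and the token shapes are constructed for the demo; `unsigned_token` only builds the fixture needed to test the verifier against the alg:none case.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real server reads its signing key from configuration.
SECRET = b"constructed-demo-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    # JWT sections drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_token(token: str):
    """Return (header, payload, raw_parts) for a header.payload.signature token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("JWT must have three dot-separated sections")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, parts


def hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def make_hs256_token(payload: dict, key: bytes) -> str:
    """Issue a properly signed token, as the lab's login endpoint would."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    signature = b64url_encode(hs256(f"{header}.{body}", key))
    return f"{header}.{body}.{signature}"


def unsigned_token(payload: dict) -> str:
    """Constructed fixture with the shape the JWT Editor produced in the lab:
    an alg:none header, the edited payload, and an empty signature section."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}."


def verify_flawed(token: str, key: bytes) -> dict:
    """Mirrors the lab's bug: the server honours whatever 'alg' the token declares."""
    header, payload, parts = split_token(token)
    alg = header.get("alg")
    if alg == "none":
        return payload  # accepts an unsigned token as authentic
    if alg == "HS256":
        expected = hs256(f"{parts[0]}.{parts[1]}", key)
        if hmac.compare_digest(expected, b64url_decode(parts[2])):
            return payload
    raise ValueError("signature verification failed")


def verify_hardened(token: str, key: bytes, allowed_algs=("HS256",)) -> dict:
    """Fix: the server, not the token, decides the algorithm; unsigned tokens never pass."""
    header, payload, parts = split_token(token)
    alg = header.get("alg")
    if alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} is not permitted")
    if not parts[2]:
        raise ValueError("missing signature")
    expected = hs256(f"{parts[0]}.{parts[1]}", key)
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature verification failed")
    return payload


def demo() -> dict:
    """Run both verifiers against a legitimate token and the alg:none forgery."""
    legit = make_hs256_token({"sub": "wiener"}, SECRET)
    forged = unsigned_token({"sub": "administrator"})
    results = {
        "flawed_legit": verify_flawed(legit, SECRET)["sub"],
        "flawed_forged": verify_flawed(forged, SECRET)["sub"],
        "hardened_legit": verify_hardened(legit, SECRET)["sub"],
    }
    try:
        verify_hardened(forged, SECRET)
        results["hardened_forged"] = "accepted"
    except ValueError as exc:
        results["hardened_forged"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The important design choice is the allowlist in `verify_hardened`: because it compares against algorithms the server chose, spelling variants such as "None" or "NONE" are rejected along with the lowercase form, and a token that keeps an HS256 header but drops its signature fails the empty-section check before any comparison. Most JWT libraries expose the same control as an `algorithms` parameter to their verify call; the lab's server is the case where that control was left to the token.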
