LAB - JWT Token Manipulation

In this lab environment, you will have GUI access to a Debian machine. An application named Playme is available on the Android Emulator.

Objective: Manipulate the JWT token to impersonate an admin and retrieve the flag.

The regular user credentials for the Playme app are:

  • Username: alice

  • Password: Qwerty@1234567

Note: You can start the emulator using the script located on the Desktop. Additionally, check the /root/Tools directory for available tools.

After execute the app, we can see a login panel. Set credentials here -->

Now, with it, configurate local proxy and burpproxy -_>

## View us IP 
hostname -I
## Set local proxy
adb shell settings put global http_proxy <host-ip>:8080

With it do, intercept the login peticion -->

We can get a login token, and we can see three points so... copy and put in into jwio -_>

Know it, we can decode of base64 the content "white selection" and manipulate it. For example, change the role to admin -->

PreviousAPI FuzzingNextLAB - Insecure Token Management

Last updated