Flashback Fuzzing: How I Found JWT Tokens in the Past & Got Paid for It
Summary
Harsh Kothari has disclosed how he discovered sensitive JWT tokens on a Proton email domain during a routine reconnaissance (recon) session.
He found the /api/core/v4/auth/jwt endpoint, which caught his attention as an authentication endpoint with JWT in the URL.
Using the Wayback Machine, he searched the archived history of the endpoint and found JWT tokens, along with usernames and user IDs, in the archived responses. The tokens had expired, but they were still readable in the archive, together with the account details alongside them.
He disclosed the finding to Proton, which rewarded him with a $100 coupon for its services. He has since named the technique "flashback fuzzing" and recommends it as an effective bug-hunting method.
The approach entails extracting a target's API endpoints from archive data, reviewing the archived responses for those endpoints, and looking for sensitive data such as tokens, keys or IDs, or for evidence of misconfiguration.
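As an added illustration, not code from the article or from Kothari, the procedure above can be scripted against the Wayback Machine's public CDX index: list archived 200 responses for an endpoint pattern, fetch the raw snapshot of each, and scan the body for JWT-shaped strings, decoding the payload so expired tokens are still reported. The CDX rows, the response body and the token below are constructed sample data (the token is signed with a throwaway key made in the script), and example.test is a placeholder host; nothing is fetched from the network.

```python
"""Flashback-fuzzing helper: added example, not the article's or Kothari's tooling.
The CDX rows, response body and JWT below are constructed sample data."""
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import urlencode

CDX_API = "https://web.archive.org/cdx/search/cdx"
# Three base64url segments joined by dots; the header segment always starts
# with "eyJ" because that is the base64 of '{"'.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


def cdx_query_url(url_pattern: str) -> str:
    """Build a CDX lookup listing every archived 200 response under url_pattern."""
    params = {
        "url": url_pattern,            # e.g. "example.test/api/*"
        "output": "json",
        "fl": "timestamp,original",
        "filter": "statuscode:200",
        "collapse": "urlkey",          # one row per distinct URL
    }
    return f"{CDX_API}?{urlencode(params)}"


def snapshot_url(timestamp: str, original: str) -> str:
    """Raw archived body; the 'id_' flag returns content without the Wayback toolbar."""
    return f"https://web.archive.org/web/{timestamp}id_/{original}"


def parse_cdx(rows: list) -> list:
    """CDX JSON output is a list of rows whose first row is the column header."""
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload without verifying the signature: for triage the leak
    is that the token was archived at all, not whether it still validates."""
    return json.loads(b64url_decode(token.split(".")[1]))


def scan_body(body: str, now: int) -> list:
    """Return one finding per JWT-like string, with subject and expiry status."""
    findings = []
    for token in JWT_RE.findall(body):
        try:
            claims = jwt_claims(token)
        except (ValueError, json.JSONDecodeError):
            continue  # looked like a JWT but the payload is not JSON
        exp = claims.get("exp")
        findings.append({
            "token": token,
            "sub": claims.get("sub"),
            "expired": exp is not None and exp < now,
        })
    return findings


# ---- constructed sample data (stands in for a real CDX reply and snapshot) ----
def make_sample_jwt(claims: dict, key: bytes) -> str:
    """HS256 signing with a throwaway key, only to build a realistic sample token."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


SAMPLE_NOW = 1_700_000_000
SAMPLE_TOKEN = make_sample_jwt(
    {"sub": "user-12345", "exp": SAMPLE_NOW - 86400}, b"throwaway-key")
SAMPLE_CDX = [
    ["timestamp", "original"],
    ["20230101120000", "https://example.test/api/core/v4/auth/jwt"],
]
SAMPLE_BODY = json.dumps({"UID": "user-12345", "Token": SAMPLE_TOKEN})


def demo() -> list:
    """Offline run over the constructed snapshot. A live run would GET
    snapshot_url(...) for each parsed CDX row and pass that body to scan_body."""
    return [(snapshot_url(r["timestamp"], r["original"]), scan_body(SAMPLE_BODY, SAMPLE_NOW))
            for r in parse_cdx(SAMPLE_CDX)]


if __name__ == "__main__":
    print(cdx_query_url("example.test/api/*"))
    for url, findings in demo():
        for f in findings:
            print(url, f["sub"], "expired" if f["expired"] else "LIVE")
```

The payload is decoded without signature verification on purpose: the report is about what the archive retained, and a token that fails to validate today still exposes the subject and any other claims it carried. Expired tokens are flagged rather than dropped for the same reason.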
Kothari is offering free mentorship in cybersecurity and bug hunting to those who want to follow in his footsteps.