Spoofing HS256 Coupon Code
by Echo5Echo - Friday January 24, 2025 at 09:59 PM
#1
Trying to spoof a coupon code request, would appreciate any resources thrown my way to learn how to get this done.

https://geekydrop.com/api/coupon/claim

Here’s the setup:
  • The system uses a POST API endpoint for coupon claims.
  • The request requires a Bearer token (JWT) for authorization, which includes basic claims like email and session information.
  • Coupon codes are alphanumeric, 12 characters long.
  • The server returns a 500 Internal Server Error for invalid input,

but I’d like to test the following:
  • Whether coupon codes are predictable or vulnerable to brute-forcing.
  • If the JWT implementation has potential weaknesses (e.g., weak signing secret or algorithm tampering).
  • How to identify patterns or potential flaws in the API’s response.

What I’ve done so far:
  • Decoded the JWT to check its payload and algorithm (HS256).
  • Tested a few common coupon code patterns manually (e.g., SAVE10, DISCOUNT20), but the system hasn’t returned valid responses yet.
  • Analyzed API responses for hints about how coupon validation is processed.
Reply