JWT Claims Manipulation

You've discovered a web application that uses JWT (JSON Web Tokens) for authentication and authorization. The challenge requires you to manipulate JWT claims to escalate your privileges from a regular user to an administrator, but there's a critical time constraint that makes this attack more complex and realistic.

JWT claims manipulation is a common vulnerability in applications where developers implement custom JWT validation logic. This challenge simulates a scenario where an attacker must craft a valid JWT with modified claims while working within tight timing constraints, similar to real-world attacks where tokens have short validity windows for security purposes.

The application has strict validation rules: the JWT must have admin privileges, a valid signature, and most importantly, the token's validity window (exp - iat) cannot exceed 10 seconds. This forces attackers to work within realistic time constraints while maintaining all security requirements.

• Understand JWT structure and claims manipulation
• Learn to work with time-based constraints in security testing
• Practice JWT encoding and signing techniques
• Perform privilege escalation through role manipulation
• Understand the importance of timing in real-world attacks