Is it secure to send JWT tokens in url query parameters if we use nonce to make it a one time token?

Websockets don’t support sending auth tokens during websocket handshake as part of HTTP headers, rather only via query parameters. This has a security risk of leaking these tokens in server logs. However, if we create these JWT tokens with… Continue reading Is it secure to send JWT tokens in url query parameters if we use nonce to make it a one time token?

Real Time Decryption of TLS 1.3 packets Asked today Modified today [closed]

I am attempting to perform real time decryption of TLS 1.3 packets (TLS_AES_256_GCM_SHA384). I have retrieved the mastersecrets for the specific flow by using uprobes on OpenSSL, and matched the mastersecrets to the flow using ClientRandom… Continue reading Real Time Decryption of TLS 1.3 packets Asked today Modified today [closed]

Verifying that certain data is encrypted (or at least indistinguishable from random data)

Question
The question is in the title, but here are more details:
I want my server to have an upload endpoint (single POST for small data or multipart for larger data) where clients can upload data.
However:

Clients can upload only encryp… Continue reading Verifying that certain data is encrypted (or at least indistinguishable from random data)