I'm doing a research project on finances. I tried to scrape https://www.gurufocus.com/insider/summary.
It's using JWT authentication. As i've read below that usually user needs only his token to send requests:
A user inserts his\her login data in the application or a trusted authentication service. In case >of successful authentication, the service grants a token to the user containing information about >this user (unique identifier, full name, role, etc.). When further addressing the application, the token is transferred in the user’s requests (in >cookies, request headers, post- or get-parameters, etc.). https://cyberpolygon.com/materials/security-of-json-web-tokens-jwt/
Obviously, it doesn't work in my case. authentication without signature
I discovered that my Chrome in each request generates unique Signature. wrapapi screen
Which means my browser somehow got secret key to generate Signature. I've googled a lot about how secret key works in JWT.Some people say it's not provided to user and hold on server, some people say it's provided out of bound as in comment below. https://stackoverflow.com/a/31313582/16486849
However, i could find any definite information about where it(secret key) comes from or how to extract it for futher purposes. So i'm interested where i can find secret key(if it's possible) to reproduce requests made by my browser in my scripts. Thx for any help.
