JWT TOKEN FORENSICS CHALLENGE
==============================
File: intercepted_token.txt

During a penetration test of a web application, this JWT token was 
intercepted from an HTTP request header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyNjAxIiwibmFtZSI6IkFsaWNlIFNtaXRoIiwicm9sZSI6InVzZXIiLCJpYXQiOjE3MTAwMDAwMDAsImV4cCI6OTk5OTk5OTk5OSwiZGVidWdfZmxhZyI6IlVHeGhhVzVzZVZObFkzdEtWMVJmZERCck0yNWZaakJ5WnpOeWVWOTNNRzR4ZlE9PSIsIm5vdGUiOiJBZG1pbnMgb25seTogdGhlIGRlYnVnX2ZsYWcgZmllbGQgY29udGFpbnMgYmFzZTY0LWVuY29kZWQgaW50ZXJuYWwgaW5mbyJ9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Your tasks:
1. Decode and inspect the JWT token structure
2. Find the hidden flag inside the token payload
3. The flag itself is encoded - decode it to reveal the PlainlySec{...} flag

Tools:
  jwt.io (online decoder - paste the token)
  python3 -c "import base64; print(base64.b64decode('...').decode())"
  CyberChef (cyberchef.org)
  Manual: base64url decode each part (header.payload.signature)
  
Base64URL decoding notes:
  Replace - with + and _ with / before decoding
  Add = padding if needed (length must be multiple of 4)

Bonus challenge: What is the signing algorithm? What is the expiry?
Can you figure out what key was used to sign this token?

Flag format: PlainlySec{...}
