Closed preetkaran20 closed 3 years ago
Hi @thc202 @kingthorin @psiinon ,
Please review the changes. This is the implementation for publicly known JWT secrets. See https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/ for more information.
thanks, Karan
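The check this PR describes, written here as an added Python example that is not the add-on's own (Java) code: it parses a compact JWS, and for HMAC algorithms recomputes the signature with each entry of a constructed stand-in list of publicly known secrets, reporting the one that verifies. The secret list and the sample tokens are placeholders for the example, not the add-on's real dictionary.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the add-on's dictionary of publicly known secrets
# (placeholder values for the example, not the real list).
KNOWN_WEAK_SECRETS = ["secret", "changeme", "password", "jwt_secret"]
HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs(header: dict, payload: dict, secret: str) -> str:
    """Build an HMAC-signed JWT; used only to construct sample tokens."""
    segments = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(segments)
    mac = hmac.new(secret.encode(), signing_input.encode(), HS_ALGS[header["alg"]]).digest()
    return signing_input + "." + b64url_encode(mac)

def find_known_secret(token: str, secrets=KNOWN_WEAK_SECRETS):
    """Return the dictionary entry that verifies the token's HMAC, else None.

    Only HS256/HS384/HS512 tokens are checked: RSA/ECDSA or 'none' tokens
    carry no HMAC secret to match, so this rule does not apply to them.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None  # not a compact-serialised JWS
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # bad base64 or bad JSON in the header
        return None
    digest = HS_ALGS.get(header.get("alg")) if isinstance(header, dict) else None
    if digest is None:
        return None
    signing_input = (parts[0] + "." + parts[1]).encode()
    presented = b64url_decode(parts[2])
    for secret in secrets:
        expected = hmac.new(secret.encode(), signing_input, digest).digest()
        if hmac.compare_digest(expected, presented):  # constant-time compare
            return secret
    return None
```

A finding from this check means the token's signing key is in a public list, so the fix is to rotate to a high-entropy key rather than to tune the scanner.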
As a next step you could implement Custom Payloads so that the end user can specify values and have them attempted at any Strength.
Hmm, so are you suggesting taking custom keys as input from the user, which then get used in the scanner? I was thinking we could also have an import functionality, where the user can import the keys/values from the interface?
Yup, that's what I was thinking. For another issue/PR. No point holding these changes up.
Having some sort of paste or bulk entry mechanism is on the TODO list for Custom Payloads.
Will raise an issue and pick it up from there in another PR.
@kingthorin can I merge this PR?
I’m good with that.
Just noticed that I only raised it today; let's wait for Ricardo and Simon to have a look.
thanks, Karan
@thc202 I have incorporated review comments.
thanks, Karan
thanks a lot @kingthorin @thc202
fixes: https://github.com/SasanLabs/owasp-zap-jwt-addon/issues/10