SasanLabs / owasp-zap-jwt-addon

OWASP ZAP addon for finding vulnerabilities in JWT Implementations
https://www.zaproxy.org/
Apache License 2.0

Publicly well known secret checking attack. #11

Closed preetkaran20 closed 3 years ago

preetkaran20 commented 3 years ago

fixes: https://github.com/SasanLabs/owasp-zap-jwt-addon/issues/10

preetkaran20 commented 3 years ago

Hi @thc202 @kingthorin @psiinon ,

Please review the changes. This is the implementation for publicly known JWT secrets. See https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/ for more information.

thanks, Karan

kingthorin commented 3 years ago

As a next step you could implement Custom Payloads so that the end user can specify values and have them attempted at any Strength.

preetkaran20 commented 3 years ago

> As a next step you could implement Custom Payloads so that the end user can specify values and have them attempted at any Strength.

Hmm, so are you suggesting taking custom keys as input from the user, which then get used in the scanner? I was thinking we could also have an import functionality where the user can import the keys/values from the interface?

kingthorin commented 3 years ago

Yup, that's what I was thinking. For another issue/PR. No point holding these changes up.

Having some sort of paste or bulk entry mechanism is on the TODO list for Custom Payloads.

preetkaran20 commented 3 years ago

> Yup, that's what I was thinking. For another issue/PR. No point holding these changes up.
>
> Having some sort of paste or bulk entry mechanism is on the TODO list for Custom Payloads.

Will raise an issue and pick it from there in another PR.
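The check this PR adds (trying a list of publicly known secrets against an HMAC-signed JWT) and the custom-payload idea discussed above (letting the user supply extra secrets) are illustrated below in a stand-alone example. This is added example code, not the addon's Java implementation or the Wallarm wordlist: the `KNOWN_SECRETS` list, the `mint_hs_token` helper and the `build_wordlist`/`find_known_secret` function names are constructed for illustration. It uses only the Python standard library, so it runs offline.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the publicly known secrets the scanner ships with.
# The real list (e.g. the one JWT Heartbreaker uses) is much longer.
KNOWN_SECRETS = ["secret", "password", "123456", "your-256-bit-secret", "changeme"]

# Only the symmetric HMAC algorithms can be attacked with a secret list.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_decode(segment: str) -> bytes:
    """Decode a JWT segment, restoring the padding that JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_hs_token(payload: dict, secret: str, alg: str = "HS256") -> str:
    """Test helper: build an HMAC-signed JWT, the way a vulnerable app would."""
    header = {"alg": alg, "typ": "JWT"}
    head_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{head_b64}.{body_b64}".encode()
    sig = hmac.new(secret.encode(), signing_input, HMAC_ALGS[alg]).digest()
    return f"{head_b64}.{body_b64}.{b64url_encode(sig)}"


def build_wordlist(custom=(), builtin=KNOWN_SECRETS) -> list:
    """Merge user-supplied ("custom payload") secrets with the built-in list.

    Custom values go first so the user's guesses are tried before the generic
    ones; duplicates are dropped while preserving order.
    """
    return list(dict.fromkeys([*custom, *builtin]))


def find_known_secret(token: str, secrets) -> "str | None":
    """Return the first secret that verifies the token's HMAC, else None.

    The scanner trusts the token's own `alg` header here: we are trying to
    reproduce the server's signature, not validate the token, so using the
    algorithm the issuer declared is exactly what we want.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    head_b64, body_b64, sig_b64 = parts
    alg = json.loads(b64url_decode(head_b64)).get("alg")
    if alg not in HMAC_ALGS:
        # RS*/ES*/PS*/none: a secret list cannot reproduce these signatures.
        return None
    signing_input = f"{head_b64}.{body_b64}".encode()
    actual_sig = b64url_decode(sig_b64)
    for secret in secrets:
        candidate = hmac.new(secret.encode(), signing_input, HMAC_ALGS[alg]).digest()
        if hmac.compare_digest(candidate, actual_sig):
            return secret
    return None


if __name__ == "__main__":
    # Constructed token signed with a weak, publicly known secret.
    weak = mint_hs_token({"sub": "alice", "role": "user"}, "password", alg="HS512")
    print("weak token secret:", find_known_secret(weak, build_wordlist()))
    strong = mint_hs_token({"sub": "alice"}, "7f9c2ba4e88f827d616045507605853e")
    print("strong token secret:", find_known_secret(strong, build_wordlist()))
```

A hit means anyone with the wordlist can forge tokens for that application; the finding should be reported as a critical signature-bypass, not just as weak key material.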

preetkaran20 commented 3 years ago

@kingthorin can I merge this PR?

kingthorin commented 3 years ago

I’m good with that.

preetkaran20 commented 3 years ago

> I’m good with that.

Just now noticed that I raised it only today; let's wait for Ricardo and Simon to have a look.

thanks, Karan

preetkaran20 commented 3 years ago

@thc202 I have incorporated review comments.

thanks, Karan

preetkaran20 commented 3 years ago

thanks a lot @kingthorin @thc202