SasanLabs / owasp-zap-jwt-addon

OWASP ZAP addon for finding vulnerabilities in JWT Implementations
https://www.zaproxy.org/
Apache License 2.0
30 stars 10 forks

JWT option in fuzzer is not shown if request doesn't contain JWT pattern #26

Closed preetkaran20 closed 2 years ago

preetkaran20 commented 3 years ago

Is your feature request related to a problem? Please describe.

JWT option in fuzzer is not shown if request doesn't contain JWT pattern. There is no indication to the user why the JWT option is unavailable.

Glimpse of the issue: [image]

If JWT pattern was found in the request then: [image]

To Reproduce

Go to any request which does not have a JWT pattern and then visit the fuzzer screen.

Expected behavior

Add the behavior details, that the fuzzer will only show the JWT option if the request has the valid JWT format, in Readme.md and also in the help index (we are building this in PR: https://github.com/SasanLabs/owasp-zap-jwt-addon/issues/25)
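As an added illustration of the "valid JWT format" condition described above (not code from the add-on or from anyone in this thread): the issue does not say which pattern the add-on matches, so this sketch assumes a check for three dot-separated base64url segments whose header decodes to JSON containing `alg`. The names `find_jwts` and `jwt_option_applies` and the sample requests are hypothetical.

```python
import base64
import json
import re

# Assumed shape: three base64url segments joined by dots; the signature
# segment may be empty (unsecured tokens).
JWT_CANDIDATE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url_json(segment):
    """Decode a base64url segment as a JSON object; None if it is not one."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return value if isinstance(value, dict) else None

def find_jwts(raw_request):
    """Return dotted tokens whose header is JSON with "alg" and whose payload is JSON."""
    found = []
    for match in JWT_CANDIDATE.finditer(raw_request):
        header, payload, _signature = match.group(0).split(".")
        decoded = _b64url_json(header)
        if decoded and "alg" in decoded and _b64url_json(payload) is not None:
            found.append(match.group(0))
    return found

def jwt_option_applies(raw_request):
    """Hypothetical stand-in for the fuzzer's decision to offer the JWT option."""
    return bool(find_jwts(raw_request))

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not from the issue).
TOKEN = f"{_seg({'alg': 'HS256', 'typ': 'JWT'})}.{_seg({'sub': 'demo'})}.c2lnbmF0dXJl"
WITH_JWT = ("GET /api/profile HTTP/1.1\r\nHost: app.example.test\r\n"
            f"Authorization: Bearer {TOKEN}\r\n\r\n")
WITHOUT_JWT = ("GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n"
               "Cookie: session=abc.def.ghi\r\n\r\n")

if __name__ == "__main__":
    for name, request in (("with JWT", WITH_JWT), ("without JWT", WITHOUT_JWT)):
        print(name, "-> JWT fuzz option applies:", jwt_option_applies(request))
```

The dotted hostname and the `abc.def.ghi` cookie match the three-segment shape but are rejected at the header-decoding step, which is why a request can look token-like and still not offer the option under this assumed check.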

preetkaran20 commented 3 years ago

Hi @kingthorin @thc202,

Please share your thoughts.

Thanks, Karan

thc202 commented 3 years ago

I don't think we should show the option if it does not apply. This can be documented in the add-on, that you can only fuzz JWT tokens if there's one.

kingthorin commented 3 years ago

I'm okay with it only showing when applicable.

preetkaran20 commented 3 years ago

Thanks @thc202 and @kingthorin for your inputs. Updated the description.