SasanLabs / owasp-zap-jwt-addon

OWASP ZAP addon for finding vulnerabilities in JWT Implementations
https://www.zaproxy.org/
Apache License 2.0

Analysis for other attack vectors on JWT #27

Open preetkaran20 opened 2 years ago

preetkaran20 commented 2 years ago

Is your feature request related to a problem? Please describe.
As the addon was made a year ago, there might be many new vulnerabilities related to JWT that have been introduced. So we would like to analyse the new attack vectors and how we can incorporate those attack vectors in the addon.

Describe the solution you'd like
Look at the new blogs, bug bounties, and other scan rules/add-ons/scanners to find out what we are missing and how we can incorporate them.

Code References
Attack vectors: https://github.com/SasanLabs/owasp-zap-jwt-addon/tree/master/src/main/java/org/zaproxy/zap/extension/jwt/attacks

JWT configuration: go through the readme for more information regarding the configuration.

Testing the changes: in case some implementation/PoC is required, build the addon by running

  1. ./gradlew spotlessApply
  2. ./gradlew build

Then go to ZAP -> File -> Local addon file -> navigate to the project -> build -> bin -> jwt*.zap and done.

sgaurav37533 commented 2 years ago

I can work on this; please assign me this issue.

preetkaran20 commented 2 years ago

Hi @sgaurav37533,

Are you facing any issues with this? Please let me know.

thanks, Karan

fbirn commented 1 year ago

Hello, I would like to work on this topic!

preetkaran20 commented 1 year ago

@fbirn great!!! Assigned the issue to you.

thanks, Karan