search

blackberry / jwt-editor

A Burp Suite extension and standalone application for creating and editing JSON Web Tokens. This tool supports signing and verification of JWS, encryption and decryption of JWE and automation of several well-known attacks against applications that consume JWT.
Other
33 stars 14 forks source link

Unable to sign JWT after creating symmetric key #19

Open prasgop opened 1 year ago

prasgop commented 1 year ago

I have noticed this issue with different lab cases, not with just one case. It is working fine with RSA keys but I am not able to sign the token after creating symmetric keys, and I am not able to complete respective labs. After clicking the ok (shown in the 3rd screenshot below, it does not go anywhere; the pop-up screen just stays there and the token won't get signed. The pop-up disappears if I click cancel though)

screenshots attached below from a portswigger lab(JWT authentication bypass via kid header path traversal) -

  1. ss1 ss2 ss3

Yesterday, I was trying a simple lab of finding the secret using hashcat, creating a symmetric key of the same and signing the token with it. I faced the same issue in that case too. I kept clicking ok to sign but nothing happened. I was able to complete that token and lab using jwt.io. For the latest case mentioned above however, I do not know how to edit 'k' and sign the token if the extension doesn't work.

Any help? Please let me know if you need any additional info to understand the issue. Thanks in advance!

prasgop commented 1 year ago

Just to clarify, the issue is with the 'ok' button on the final signing screen only. I tried to switch between radio buttons and see but noticed that the selection on 'Don't modify header' is just disappearing without any further changes. It just hangs there unless I click cancel.

DolphFlynn commented 1 year ago

Hi @prasgop @I've not managed to reproduce your issue with the symmetric key 'AA=='. This should be padded with null bytes before signing to work around a length constraint. It sounds like an exception is being thrown during the signing operation. Do you see anything logged out if you start Burp manually from a console?

prasgop commented 1 year ago

Thanks for the quick response. I have also seen a mentioning about length in some online sources, but the videos under community solutions for the lab had it performed with just base-64 encoding of a null byte and no additional padding. The lab solution says the same. I am however not able to reproduce the scenario as it's not doing anything when I click ok to sign. Rest all looks fine so far with the extension and burp. I am not seeing anything different than usual when starting or closing burp. Is there something that you want me to check specifically? or if you want me to try padding, can you please tell me how to? Thanks

prasgop commented 1 year ago

Just a quick update - I have tried the same lab in my kali vm using burp community now. JWT editor signing function worked fine and I am able to complete the lab. Not sure as to why that particular button is not working when I am using the editor in my host machine burp!! Wish I could have it working in my host too.

Thanks

DolphFlynn commented 1 year ago

The extension pads symmetric keys less than 64 bytes so your key should work fine. If you can reproduce the issue on your host machine then there may be something useful logged to the console.

prasgop commented 1 year ago

Can you please tell me where should I check for that log?

Thanks

DolphFlynn commented 1 year ago

Sure. You can get Burp to log to a file by enabling 'Log performance data to a local directory'. This can be found within Settings -> Suite -> Performance Update.

Alternatively if you start Burp from the command line any exceptions should get logged to either stdout or stderr.

If either of these print anything related to your JWT signing then we should be able see what's going on.

pandak1d commented 1 year ago

In the new version of Burpsuite, when you click SIGN, there is no response (at this time Alg is HS256) image

pandak1d commented 1 year ago

Sure. You can get Burp to log to a file by enabling 'Log performance data to a local directory'. This can be found within Settings -> Suite -> Performance Update.

Alternatively if you start Burp from the command line any exceptions should get logged to either stdout or stderr.

If either of these print anything related to your JWT signing then we should be able see what's going on.

it have nothing!

DolphFlynn commented 1 year ago

@pandak1d Can you post the corresponding key in either PEM or JWK format?

pandak1d commented 1 year ago

@pandak1d Can you post the corresponding key in either PEM or JWK format?

yes, I can!

pandak1d commented 1 year ago

Sure. You can get Burp to log to a file by enabling 'Log performance data to a local directory'. This can be found within Settings -> Suite -> Performance Update.

Alternatively if you start Burp from the command line any exceptions should get logged to either stdout or stderr.

If either of these print anything related to your JWT signing then we should be able see what's going on.

java 17.0.7

java.lang.SecurityException: JCE cannot authenticate the provider BC
        at java.base/javax.crypto.JceSecurity.getInstance(JceSecurity.java:144)
        at java.base/javax.crypto.Mac.getInstance(Mac.java:272)
        at com.nimbusds.jose.crypto.impl.HMAC.getInitMac(HMAC.java:52)
        at com.nimbusds.jose.crypto.impl.HMAC.compute(HMAC.java:118)
        at com.nimbusds.jose.crypto.impl.HMAC.compute(HMAC.java:94)
        at com.nimbusds.jose.crypto.MACSigner.sign(MACSigner.java:193)
        at com.blackberry.jwteditor.utils.CryptoUtils.sign(CryptoUtils.java:100)
        at com.blackberry.jwteditor.operations.Operations.sign(Operations.java:95)
        at com.blackberry.jwteditor.view.dialog.operations.SignDialog.onOK(SignDialog.java:144)
        at com.blackberry.jwteditor.view.dialog.operations.SignDialog.lambda$new$0(SignDialog.java:73)
        at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
        at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313)
        at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
        at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
        at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
        at java.desktop/java.awt.Component.processMouseEvent(Component.java:6626)
        at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3389)
        at java.desktop/java.awt.Component.processEvent(Component.java:6391)
        at java.desktop/java.awt.Container.processEvent(Container.java:2266)
        at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5001)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
        at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
        at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
        at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:746)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:744)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:743)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
        at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:191)
        at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:236)
        at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:234)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
        at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:234)
        at java.desktop/java.awt.Dialog.show(Dialog.java:1080)
        at java.desktop/java.awt.Component.show(Component.java:1728)
        at java.desktop/java.awt.Component.setVisible(Component.java:1675)
        at java.desktop/java.awt.Window.setVisible(Window.java:1036)
        at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1016)
        at com.blackberry.jwteditor.presenter.EditorPresenter.signingDialog(EditorPresenter.java:342)
        at com.blackberry.jwteditor.presenter.EditorPresenter.onSignClicked(EditorPresenter.java:321)
        at com.blackberry.jwteditor.view.EditorView.lambda$new$12(EditorView.java:144)
        at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
        at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313)
        at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
        at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
        at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
        at java.desktop/java.awt.Component.processMouseEvent(Component.java:6626)
        at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3389)
        at java.desktop/java.awt.Component.processEvent(Component.java:6391)
        at java.desktop/java.awt.Container.processEvent(Container.java:2266)
        at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5001)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
        at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
        at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
        at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:746)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:744)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:743)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Caused by: java.util.jar.JarException: The JCE Provider file:/C:/Software/BurpSuite/burpsuite_pro_org.jar is not signed.
        at java.base/javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
        at java.base/javax.crypto.JarVerifier.verifyJars(JarVerifier.java:317)
        at java.base/javax.crypto.JarVerifier.verify(JarVerifier.java:260)
        at java.base/javax.crypto.ProviderVerifier.verify(ProviderVerifier.java:130)
        at java.base/javax.crypto.JceSecurity.verifyProvider(JceSecurity.java:190)
        at java.base/javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:218)
        at java.base/javax.crypto.JceSecurity.getInstance(JceSecurity.java:140)
m4ra7h0n commented 4 months ago

Sure. You can get Burp to log to a file by enabling 'Log performance data to a local directory'. This can be found within Settings -> Suite -> Performance Update. Alternatively if you start Burp from the command line any exceptions should get logged to either stdout or stderr. If either of these print anything related to your JWT signing then we should be able see what's going on.

java 17.0.7

java.lang.SecurityException: JCE cannot authenticate the provider BC
        at java.base/javax.crypto.JceSecurity.getInstance(JceSecurity.java:144)
        at java.base/javax.crypto.Mac.getInstance(Mac.java:272)
        at com.nimbusds.jose.crypto.impl.HMAC.getInitMac(HMAC.java:52)
        at com.nimbusds.jose.crypto.impl.HMAC.compute(HMAC.java:118)
        at com.nimbusds.jose.crypto.impl.HMAC.compute(HMAC.java:94)
        at com.nimbusds.jose.crypto.MACSigner.sign(MACSigner.java:193)
        at com.blackberry.jwteditor.utils.CryptoUtils.sign(CryptoUtils.java:100)
        at com.blackberry.jwteditor.operations.Operations.sign(Operations.java:95)
        at com.blackberry.jwteditor.view.dialog.operations.SignDialog.onOK(SignDialog.java:144)
        at com.blackberry.jwteditor.view.dialog.operations.SignDialog.lambda$new$0(SignDialog.java:73)
        at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
        at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313)
        at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
        at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
        at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
        at java.desktop/java.awt.Component.processMouseEvent(Component.java:6626)
        at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3389)
        at java.desktop/java.awt.Component.processEvent(Component.java:6391)
        at java.desktop/java.awt.Container.processEvent(Container.java:2266)
        at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5001)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
        at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
        at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
        at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:746)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:744)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:743)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
        at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:191)
        at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:236)
        at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:234)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
        at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:234)
        at java.desktop/java.awt.Dialog.show(Dialog.java:1080)
        at java.desktop/java.awt.Component.show(Component.java:1728)
        at java.desktop/java.awt.Component.setVisible(Component.java:1675)
        at java.desktop/java.awt.Window.setVisible(Window.java:1036)
        at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1016)
        at com.blackberry.jwteditor.presenter.EditorPresenter.signingDialog(EditorPresenter.java:342)
        at com.blackberry.jwteditor.presenter.EditorPresenter.onSignClicked(EditorPresenter.java:321)
        at com.blackberry.jwteditor.view.EditorView.lambda$new$12(EditorView.java:144)
        at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
        at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313)
        at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
        at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
        at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
        at java.desktop/java.awt.Component.processMouseEvent(Component.java:6626)
        at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3389)
        at java.desktop/java.awt.Component.processEvent(Component.java:6391)
        at java.desktop/java.awt.Container.processEvent(Container.java:2266)
        at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5001)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
        at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
        at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
        at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
        at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
        at java.desktop/java.awt.Component.dispatchEvent(Component.java:4833)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:746)
        at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:744)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
        at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:743)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Caused by: java.util.jar.JarException: The JCE Provider file:/C:/Software/BurpSuite/burpsuite_pro_org.jar is not signed.
        at java.base/javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
        at java.base/javax.crypto.JarVerifier.verifyJars(JarVerifier.java:317)
        at java.base/javax.crypto.JarVerifier.verify(JarVerifier.java:260)
        at java.base/javax.crypto.ProviderVerifier.verify(ProviderVerifier.java:130)
        at java.base/javax.crypto.JceSecurity.verifyProvider(JceSecurity.java:190)
        at java.base/javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:218)
        at java.base/javax.crypto.JceSecurity.getInstance(JceSecurity.java:140)

jdk21 and the same problem.

DolphFlynn commented 4 months ago

I think what is happening here is that the classloader is picking up version of the Bouncy Castle within Burp rather than the one packaged within the extension.

What version of JWT Editor are you using? The current one within the PortSwigger BApp store does not include its own version of the Bouncy Castle so should not have this problem.

ZakFreid commented 1 day ago

Good day

I am using JWT editor 2.3 from BApp and jdk-23 (also tried running from an older version of jdk-17.0.12+7), I encountered a similar problem, when I click on the “Sign” button, the signature does not happen, no visual changes noticed, maybe there is some solution to this problem ?

    at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:744)
    at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
    at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:191)
    at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:236)
    at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:234)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:319)
    at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:234)
    at java.desktop/java.awt.Dialog.show(Dialog.java:1079)
    at java.desktop/java.awt.Component.show(Component.java:1728)
    at java.desktop/java.awt.Component.setVisible(Component.java:1675)
    at java.desktop/java.awt.Window.setVisible(Window.java:1036)
    at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1015)
    at com.blackberry.jwteditor.view.dialog.AbstractDialog.display(AbstractDialog.java:47)
    at com.blackberry.jwteditor.presenter.EditorPresenter.signingDialog(EditorPresenter.java:304)
    at com.blackberry.jwteditor.presenter.EditorPresenter.onSignClicked(EditorPresenter.java:280)
    at com.blackberry.jwteditor.view.editor.EditorView.lambda$new$9(EditorView.java:169)
    at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972)
    at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2314)
    at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:407)
    at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
    at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
    at java.desktop/java.awt.Component.processMouseEvent(Component.java:6621)
    at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3404)
    at java.desktop/java.awt.Component.processEvent(Component.java:6386)
    at java.desktop/java.awt.Container.processEvent(Container.java:2266)
    at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4996)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4828)
    at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
    at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
    at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
    at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4828)
    at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:775)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:720)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:714)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:98)
    at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:747)
    at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
    at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:744)
    at burp.Zc5o.dispatchEvent(Unknown Source)
    at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
    at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Caused by: java.util.jar.JarException: The JCE Provider burpsuite_pro_v2024.8.4.jar is not signed.
    at java.base/javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:442)
    at java.base/javax.crypto.JarVerifier.verifyJars(JarVerifier.java:320)
    at java.base/javax.crypto.JarVerifier.verify(JarVerifier.java:263)
    at java.base/javax.crypto.ProviderVerifier.verify(ProviderVerifier.java:130)
    at java.base/javax.crypto.JceSecurity.verifyProvider(JceSecurity.java:197)
    at java.base/javax.crypto.JceSecurity$2.apply(JceSecurity.java:223)
    at java.base/javax.crypto.JceSecurity$2.apply(JceSecurity.java:212)
    at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1713)
    at java.base/javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:212)
    at java.base/javax.crypto.JceSecurity.canUseProvider(JceSecurity.java:258)
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:548)