Open TheTechromancer opened 3 months ago
I like the idea, but i agree with the low priority tag as it would be a relatively big project for a small reward.
Moving JWT parsing into the event validation seems pretty small compared to most of the other reworks that are happening. Unless I'm missing something.
Duplicate JWTs are a problem. When you enable the web spider on a JWT-enabled website, you are likely to get two JWT events from every URL (one from excavate and one from badsecrets). That means if you spider a single website that has 1000 URLS, you will get 2000 JWTs that are effectively all the same.
I think the best way to solve this is to have a dedicated JWT event that intelligently dedupes itself by its contents, disregarding any one-time information like nonces/timestamps. This will ensure that equivalent JWTs won't be duplicated across the scan.