search

ozzi- / JWT4B

JWT Support for Burp
GNU General Public License v3.0
240 stars 46 forks source link

JWT Editing #51

Closed 0xElessar closed 3 years ago

0xElessar commented 3 years ago

Thank you for the work, guys.

But currently, the plugin is unusable. Why do you make editing JWT so difficult? Only adding characters work. DELETE, BACKSPACE or COPY/PASTE does not work at all. In the end, I need to do that manually by editing BASE64 :(

ozzi- commented 3 years ago

Hi @0xElessar Well that is not on purpose for sure :D What version of JWT4B (BApp Store / Version?) and which version of Burp? That way I can try to replicate the problem.

Cheers

0xElessar commented 3 years ago

Thank you for quick response :)

Windows - Full Install version - 2021.6.2 JWT4B: 1.15 Windows 10 1909

ozzi- commented 3 years ago

Just updated my burp to 2021.6.2 community edition, using JWT4B 1.15 from bapp. Running Win10 19041.1052 Works for me, see my screenrecording - at second 12 I do CTRL+X , CTRL+Y and CTRL+Z etc. https://vimeo.com/manage/videos/571669764

0xElessar commented 3 years ago

Thanks a lot for checking that. Much appreciated.

Really bizarre. For me, shortcuts do not work completely in the field with JWT. I can use them in the right box (with the encryption key) or any other Burp area.

Do you use the built-in JRE provided with Burp? Or you use burp .jar with separate JAVA installation?

ozzi- commented 3 years ago

Dumb question - have you tried restarting your PC? Also please try to disable any other extensions and try again. I am using the bundled JRE.

Edit: Please go to the Tab "Extender" -> "JWT4B" -> Tab "output" & "errors", does it contain any info? https://i.imgur.com/bj225EH.png

0xElessar commented 3 years ago

cheers :)

BTW I checked the plugin when intercepting. Works great. Exactly like you demonstrated! But if I send it to the Repeater, and try to edit the JWT ... this does not work :(

I can see the following errors: 14:58:12.812 | Could not replace token in post body. 14:58:53.308 | Could not replace token in post body. 14:59:07.166 | Could not replace token in post body. 15:06:07.147 | Could not replace token in post body.

ozzi- commented 3 years ago

Repeater works too, at least for me: https://vimeo.com/manage/videos/572000811

Can you provide a screenrecording or try another device? Something weird must be going on :D

0xElessar commented 3 years ago

Thanks a lot for checking again!

This must mean there is something wrong with my setup. I will do clean install and disable all other plugins. Thank you for the help!

Great to know the plugin works perfectly :)

ozzi- commented 3 years ago

You are welcome. Please do let me know, if you find out what the problem is :)