Skip to content

Commit

Permalink
Merge pull request #17 from SasanLabs/FuzzerChanges
Browse files Browse the repository at this point in the history 
Not stopping JWT active scanner on finding client side vulnerability
  • Loading branch information
@preetkaran20
preetkaran20 authored Nov 24, 2020
2 parents 5214f7d + 161140e commit 278a1e2
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ public void init() {
maxRequestCount = 8;
break;
case HIGH:
maxRequestCount = 12;
maxRequestCount = 18;
break;
case INSANE:
maxRequestCount = 28;
Expand Down Expand Up @@ -105,9 +105,7 @@ public void scan(HttpMessage msg, String param, String value) {
}

if (JWTConfiguration.getInstance().isEnableClientConfigurationScan()) {
if (performAttackClientSideConfigurations(msg, param)) {
return;
}
performAttackClientSideConfigurations(msg, param);
this.decreaseRequestCount();
}
performAttackServerSideConfigurations(msg, param, jwtHolder, value);
Expand Down

0 comments on commit 278a1e2

Please sign in to comment.