Analysis for other attack vectors on JWT #27
Labels
analysis
documentation
Improvements or additions to documentation
good first issue
Good for newcomers
HacktoberFest
Comments
preetkaran20
added
documentation
|
I can work on this please assign me this issue. |
|
Hi @sgaurav37533 , Are you facing any issues with this? Please let me know. thanks, |
|
Hello, i would like to work on this topic! |
|
@fbirn great !!!. Assigned the issue to you. thanks, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
As the addon was made an year ago and there might be many new Vulnerabilities related to JWT are introduced. So we would like to analyse the new attack vectors and how can we incorporate those attack vectors in the addon.
Describe the solution you'd like
Look at the new blogs, bug bounties, other scan rules/add-ons/scanners to find out what we are missing and how can we incorporate them.
Code References
Attack vectors: https://github.com/SasanLabs/owasp-zap-jwt-addon/tree/master/src/main/java/org/zaproxy/zap/extension/jwt/attacks
JWT configuration
Go through readme for more information regarding the configuration.
Testing the changes, in case some implementation/poc is required
build the addon by running
Then go to the ZAP -> File -> Local addon file -> Navigate to project -> build -> bin -> jwt*.zap and done.
The text was updated successfully, but these errors were encountered: