├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── gradle.yml ├── .gitignore ├── .vscode └── launch.json ├── CHANGELOG.md ├── LICENSE ├── README.md ├── docs └── images │ ├── fuzzer-animation.gif │ ├── fuzzer-view.png │ └── jwt-options-panel.png ├── gradle.properties ├── gradle ├── spotless │ └── License.java └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle.kts └── src └── main ├── java └── org │ └── zaproxy │ └── zap │ └── extension │ └── jwt │ ├── JWTActiveScanRule.java │ ├── JWTConfiguration.java │ ├── JWTExtension.java │ ├── JWTHolder.java │ ├── JWTI18n.java │ ├── attacks │ ├── ClientSideAttack.java │ ├── HeaderAttack.java │ ├── JWTAttack.java │ ├── MiscAttack.java │ ├── PayloadAttack.java │ ├── ServerSideAttack.java │ └── SignatureAttack.java │ ├── exception │ └── JWTException.java │ ├── fuzzer │ ├── messagelocations │ │ ├── FuzzerJWTSignatureOperation.java │ │ ├── JWTMessageLocation.java │ │ ├── JWTMessageLocationReplacer.java │ │ └── JWTMessageLocationReplacerFactory.java │ └── ui │ │ ├── GenericCriteriaBasedMessageLocationProducerFocusListenerAdapter.java │ │ ├── JWTFuzzPanelView.java │ │ └── JWTFuzzPanelViewFactory.java │ ├── ui │ └── JWTOptionsPanel.java │ └── utils │ ├── JWTConstants.java │ ├── JWTUIUtils.java │ ├── JWTUtils.java │ └── VulnerabilityType.java └── resources ├── org └── zaproxy │ └── zap │ └── extension │ └── jwt │ └── resources │ └── Messages.properties └── weakKeys └── wallarm_jwt_hmac_secrets_list /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [preetkaran20] 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/workflows/gradle.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/.github/workflows/gradle.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/.gitignore -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/.vscode/launch.json -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/README.md -------------------------------------------------------------------------------- /docs/images/fuzzer-animation.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/docs/images/fuzzer-animation.gif -------------------------------------------------------------------------------- /docs/images/fuzzer-view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/docs/images/fuzzer-view.png -------------------------------------------------------------------------------- /docs/images/jwt-options-panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/docs/images/jwt-options-panel.png -------------------------------------------------------------------------------- /gradle.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradle.properties -------------------------------------------------------------------------------- /gradle/spotless/License.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradle/spotless/License.java -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradle/wrapper/gradle-wrapper.properties -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradlew -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/gradlew.bat -------------------------------------------------------------------------------- /settings.gradle.kts: -------------------------------------------------------------------------------- 1 | rootProject.name = "jwt" 2 | -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/JWTConfiguration.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/JWTConfiguration.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/JWTExtension.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/JWTExtension.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/JWTHolder.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/JWTHolder.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/JWTI18n.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/JWTI18n.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/ClientSideAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ClientSideAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/HeaderAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/HeaderAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/JWTAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/JWTAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/MiscAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/MiscAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/PayloadAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/PayloadAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/ServerSideAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ServerSideAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/exception/JWTException.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/exception/JWTException.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/FuzzerJWTSignatureOperation.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/FuzzerJWTSignatureOperation.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocation.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocation.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocationReplacer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocationReplacer.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocationReplacerFactory.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/messagelocations/JWTMessageLocationReplacerFactory.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/GenericCriteriaBasedMessageLocationProducerFocusListenerAdapter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/GenericCriteriaBasedMessageLocationProducerFocusListenerAdapter.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/JWTFuzzPanelView.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/JWTFuzzPanelView.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/JWTFuzzPanelViewFactory.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/fuzzer/ui/JWTFuzzPanelViewFactory.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/ui/JWTOptionsPanel.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/ui/JWTOptionsPanel.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTConstants.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTConstants.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTUIUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTUIUtils.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/utils/JWTUtils.java -------------------------------------------------------------------------------- /src/main/java/org/zaproxy/zap/extension/jwt/utils/VulnerabilityType.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/java/org/zaproxy/zap/extension/jwt/utils/VulnerabilityType.java -------------------------------------------------------------------------------- /src/main/resources/org/zaproxy/zap/extension/jwt/resources/Messages.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/resources/org/zaproxy/zap/extension/jwt/resources/Messages.properties -------------------------------------------------------------------------------- /src/main/resources/weakKeys/wallarm_jwt_hmac_secrets_list: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SasanLabs/owasp-zap-jwt-addon/HEAD/src/main/resources/weakKeys/wallarm_jwt_hmac_secrets_list --------------------------------------------------------------------------------