Skip to content

Commit 161140e

Browse files
preetkaran20preetkaran20
committed
Not stopping JWT active scanner on finding client side vulnerability
1 parent 4c3022b commit 161140e

File tree

1 file changed

+2
-4
lines changed

1 file changed

+2
-4
lines changed

src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ public void init() {
6868
maxRequestCount = 8;
6969
break;
7070
case HIGH:
71-
maxRequestCount = 12;
71+
maxRequestCount = 18;
7272
break;
7373
case INSANE:
7474
maxRequestCount = 28;
@@ -105,9 +105,7 @@ public void scan(HttpMessage msg, String param, String value) {
105105
}
106106

107107
if (JWTConfiguration.getInstance().isEnableClientConfigurationScan()) {
108-
if (performAttackClientSideConfigurations(msg, param)) {
109-
return;
110-
}
108+
performAttackClientSideConfigurations(msg, param);
111109
this.decreaseRequestCount();
112110
}
113111
performAttackServerSideConfigurations(msg, param, jwtHolder, value);

0 commit comments

Comments
 (0)