Analysis for other attack vectors on JWT

[preetkaran20]

Is your feature request related to a problem? Please describe.
As the addon was made an year ago and there might be many new Vulnerabilities related to JWT are introduced. So we would like to analyse the new attack vectors and how can we incorporate those attack vectors in the addon.

Describe the solution you'd like
Look at the new blogs, bug bounties, other scan rules/add-ons/scanners to find out what we are missing and how can we incorporate them.

Code References
Attack vectors: https://github.com/SasanLabs/owasp-zap-jwt-addon/tree/master/src/main/java/org/zaproxy/zap/extension/jwt/attacks

JWT configuration
Go through readme for more information regarding the configuration.

Testing the changes, in case some implementation/poc is required
build the addon by running

1. ./gradlew spotlessApply
2. ./gradlew build
   Then go to the ZAP -> File -> Local addon file -> Navigate to project -> build -> bin -> jwt*.zap and done.

[sgaurav37533]

I can work on this please assign me this issue.

[preetkaran20]

Hi @sgaurav37533 ,

Are you facing any issues with this? Please let me know.

thanks,
Karan

[fbirn]

Hello, i would like to work on this topic!

[preetkaran20]

@fbirn great !!!. Assigned the issue to you.

thanks,
Karan