Skip to content

Adding support for Elliptic Curve based vulnerabilities #28

New issue
New issue
Open
Open
Adding support for Elliptic Curve based vulnerabilities#28
Labels
HacktoberFestanalysisdocumentationImprovements or additions to documentationenhancementNew feature or requestgood first issueGood for newcomers
@preetkaran20

Description

@preetkaran20
preetkaran20
opened on Sep 25, 2021

Is your feature request related to a problem? Please describe.
Currently, we only handle JWT signed using HMAC or RSA but we have not handled the JWT's signed by Elliptic Curve ES384 etc.

Describe the solution you'd like

  1. Analyse the Vulnerabilities related to EC
  2. Adding attack vectors related to that
  3. Adding Custom payload support for EC based keys
  4. Adding the Vulnerable code in https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java so that we can test the attack vectors.
  5. Add a design document regarding the same.

JWT Configurations
image

Testing the changes, in case some implementation/poc is required
build the addon by running

  1. ./gradlew spotlessApply
  2. ./gradlew build
    Then go to the ZAP -> File -> Local addon file -> Navigate to project -> build -> bin -> jwt*.zap and done.

Metadata

Metadata

Assignees

No one assigned

    Labels

    HacktoberFestanalysisdocumentationImprovements or additions to documentationenhancementNew feature or requestgood first issueGood for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions