Skip to content

Latest commit

 

History

History
59 lines (44 loc) · 2.93 KB

CHANGELOG.md

File metadata and controls

59 lines (44 loc) · 2.93 KB

Changelog

2.5 2025-01-13

  • Add ability to test for HMAC signatures using weak secrets.
  • Add import capability for JWK data.
  • Add support for decimal TimeClaims (Thanks to @Nirusu).
  • Remember last used key within signing dialogs.

2.4 2024-12-24

  • Add support for non-JSON claims within JWS (Thanks to @Hannah-PortSwigger for suggesting this).

2.3 2024-08-05

  • Add Information panel to JWS view showing decoded iat, nbf and exp values (Thanks to @exploide for collaborating on this).
  • Add support for WebSocket messages containing JWT's.
  • Preserve JWT order when message has multiple JWT's.
  • Remove use of commons-lang3.

2.2.2 2024-07-12

  • Fix issue where JWT's highlighted in Proxy regardless of config setting (Thanks to @serate-actual for reporting this).

2.2.1 2024-05-06

  • Fix issue where an invalid Intruder signing key could prevent the extension from loading (Thanks to @sebastianosrt for reporting this).

2.2 2024-02-29

  • Allow resigning of JWS tokens during fuzzing (Thanks to @BafDyce).

2.1.1 2024-01-22

  • Use split panes to improve JWT editor with small screens or large font sizes (Thanks to @eldstal).

2.1 2024-01-01

  • Allow key IDs to be set before keys generated.
  • Make symmetric and asymmetric key dialogs consistent.
  • Fix bug allowing keys with duplicate IDs.

2.0.2 2023-12-13

  • Fix memory leaks when deleting tabs containing JWTs.

2.0.1 2023-10-30

  • Generate valid URL's when embedding Collaborator payloads within x5u and jku headers.

2.0 2023-07-08

Forked from Fraser Winterborn's version (original repository).

  • Payload processing rule to support fuzzing within JWS.
  • Insertion point provider for JWS header parameters.
  • JWT highlighting within WebSocket messages.
  • Update to Java 17 and PortSwigger's new Montoya API.
  • Add ability to enable/disable JWT highlighting within proxied messages and to change highlight color.
  • Add ability to inject Collaborator payloads into x5u and jku headers.
  • Fix issue where invalid JWS's not recognised.
  • Add ability to export keys as a JWK set.
  • Add ability to sign with empty keys (CVE-2019-20933).
  • Add ability to sign with psychic signatures (CVE-2022-21449).
  • Color sections of serialized JWT differently.
  • Remove standalone mode.
  • Minor bug fixes and enhancements.