Hello group,
I just stumbled upon the interesting tool JOSEPH
(https://github.com/RUB-NDS/JOSEPH)
that was presented at the OWASP AppSec EU Conference
(https://2017.appsec.eu/program/),
which I'd like to share.
JOSEPH is basically a Burp extension that allows you to analyze JWE / JWS
structures in HTTP messages and to pentest endpoints which can process JWS
structures with a list of well-known attacks.
Talk: On the (in-)security of JavaScript Object Signing and Encryption
https://appseceurope2017.sched.com/event/A65e/on-the-in-security-of-javas...
Cheers,
Thomas