[keycloak-dev] JOSEPH JavaScript Object Signing and Encryption Pentesting Helper
Thomas Darimont
thomas.darimont at googlemail.com
Sat May 13 03:32:45 EDT 2017
Hello group,
I just stumbled upon the interesting tool JOSPEH (
https://github.com/RUB-NDS/JOSEPH)
that was presented at the OWASP AppSec EU Conference (
https://2017.appsec.eu/program/)
which I'd like to share.
JOSEPH is basically a BURP extension that allows to analyze JWE / JWS
structures in HTTP messages and to pentest endpoints which can process JWS
structures with a list of well-known attacks.
Talk: On the (in-)security of JavaScript Object Signing and Encryption
https://appseceurope2017.sched.com/event/A65e/on-the-in-security-of-javascript-object-signing-and-encryption?iframe=no&w=100%&sidebar=yes&bg=no
Cheers,
Thomas
More information about the keycloak-dev
mailing list