forked from ozzi-/JWT4B
-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathBappDescription.html
22 lines (16 loc) · 1.06 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<p><b>JSON Web Tokens (JWT4B)</b> lets you decode and manipulate JSON web tokens on the fly,
check their validity and automate common attacks.</p>
<h2>Features</h2>
<ul>
<li>Automatic recognition</li>
<li>JWT Editor</li>
<li>Resigning of JWTs</li>
<li>Signature checks</li>
<li>Automated attacks available such as "Alg None" & "CVE-2018-0114"</li>
<li>Validity checks and support for 'expires', 'not before', 'issued at' fields in the payload</li>
<li>Automatic tests for security flags in cookie transmitted JWTs</li>
</ul>
<h2>Configuration</h2>
<p>A configuration file is generated at <code class="InlineCode">%user.home%/.JWT4B/config.json</code></p>
<p>You can use the "Change config" button to open this file from the extension-generated tab and make any adjustments.</p>
<p>Changes to the configuration require a reload. If the file is deleted, it will regenerate with default settings. Setting <code class="InlineCode">resetEditor</code> to <code class="InlineCode">false</code> preserves editor state across requests, useful for testing in Repeater.</p>