Commit
Extract CHANGELOG.md.
DolphFlynn committed Feb 7, 2025
1 parent 74beabf commit fbcbd33
Showing 2 changed files with 63 additions and 54 deletions.
59 changes: 59 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,59 @@
# Changelog

## [2.5](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.5) 2025-01-13
- Add ability to test for HMAC signatures using [weak secrets](https://github.com/wallarm/jwt-secrets).
- Add import capability for JWK data.
- Add support for decimal TimeClaims (Thanks to [@Nirusu](https://github.com/Nirusu)).
- Remember last used key within signing dialogs.

## [2.4](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.4) 2024-12-24
- Add support for non-JSON claims within JWS (Thanks to [@Hannah-PortSwigger](https://github.com/Hannah-PortSwigger) for suggesting this).

## [2.3](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.3) 2024-08-05
- Add Information panel to JWS view showing decoded *iat*, *nbf* and *exp* values (Thanks to [@exploide](https://github.com/exploide) for collaborating on this).
- Add support for WebSocket messages containing JWT's.
- Preserve JWT order when message has multiple JWT's.
- Remove use of commons-lang3.

## [2.2.2](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.2.2) 2024-07-12
- Fix issue where JWT's highlighted in Proxy regardless of config setting (Thanks to [@serate-actual](https://github.com/serate-actual) for reporting this).

## [2.2.1](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.2.1) 2024-05-06
- Fix issue where an invalid Intruder signing key could prevent the extension from loading (Thanks to [@sebastianosrt](https://github.com/sebastianosrt) for reporting this).

## 2.2 2024-02-29
- Allow resigning of JWS tokens during fuzzing (Thanks to [@BafDyce](https://github.com/BafDyce)).

## 2.1.1 2024-01-22
- Use split panes to improve JWT editor with small screens or large font sizes (Thanks to [@eldstal](https://github.com/eldstal)).

## 2.1 2024-01-01
- Allow key IDs to be set before keys generated.
- Make symmetric and asymmetric key dialogs consistent.
- Fix bug allowing keys with duplicate IDs.


## 2.0.2 2023-12-13
- Fix memory leaks when deleting tabs containing JWTs.


## 2.0.1 2023-10-30
- Generate valid URL's when embedding Collaborator payloads within *x5u* and *jku* headers.


## 2.0 2023-07-08

Forked from [Fraser Winterborn](https://uk.linkedin.com/in/fraser-winterborn-198b8a129)'s version (original [repository](https://github.com/blackberry/jwt-editor)).
* Payload processing rule to support fuzzing within JWS.
* Insertion point provider for JWS header parameters.
* JWT highlighting within WebSocket messages.
* Update to Java 17 and PortSwigger's new Montoya API.
* Add ability to enable/disable JWT highlighting within proxied messages and to change highlight color.
* Add ability to inject Collaborator payloads into x5u and jku headers.
* Fix issue where invalid JWS's not recognised.
* Add ability to export keys as a JWK set.
* Add ability to sign with empty keys (CVE-2019-20933).
* Add ability to sign with psychic signatures (CVE-2022-21449).
* Color sections of serialized JWT differently.
* Remove standalone mode.
* Minor bug fixes and enhancements.
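
Review bot: The release headings in the new CHANGELOG.md are inconsistent. 2.5 through 2.2.1 are bracketed links to the release tag, while 2.2 and every older entry are bare text such as `## 2.2 2024-02-29`. Now that this is a standalone file, either link the older releases too (if tags exist for them) or use one plain form throughout. In the same pass, the 2.0 section uses `*` bullets where every other section uses `-`, and the gaps before 2.0.2, 2.0.1 and 2.0 are two blank lines instead of one. The two CVE entries under 2.0 (CVE-2019-20933, CVE-2022-21449) would also benefit from links to their advisories, the same way the 2.5 weak-secrets entry links its source.
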
58 changes: 4 additions & 54 deletions README.md
Expand Up @@ -15,65 +15,15 @@ Additionally it facilitates several well-known attacks against JWT implementatio
* JWS Scanner insertion point provider


## Changelog

**2.5 2025-01-13**
## Recent Changes
The last release was tagged [2.5](https://github.com/DolphFlynn/jwt-editor/releases/tag/2.5) on 2025-01-13 and included
the following changes:
- Add ability to test for HMAC signatures using [weak secrets](https://github.com/wallarm/jwt-secrets).
- Add import capability for JWK data.
- Add support for decimal TimeClaims (Thanks to [@Nirusu](https://github.com/Nirusu)).
- Remember last used key within signing dialogs.

**2.4 2024-12-24**
- Add support for non-JSON claims within JWS (Thanks to [@Hannah-PortSwigger](https://github.com/Hannah-PortSwigger) for suggesting this).

**2.3 2024-08-05**
- Add Information panel to JWS view showing decoded *iat*, *nbf* and *exp* values (Thanks to [@exploide](https://github.com/exploide) for collaborating on this).
- Add support for WebSocket messages containing JWT's.
- Preserve JWT order when message has multiple JWT's.
- Remove use of commons-lang3.

**2.2.2 2024-07-12**
- Fix issue where JWT's highlighted in Proxy regardless of config setting (Thanks to [@serate-actual](https://github.com/serate-actual) for reporting this).

**2.2.1 2024-05-06**
- Fix issue where an invalid Intruder signing key could prevent the extension from loading (Thanks to [@sebastianosrt](https://github.com/sebastianosrt) for reporting this).

**2.2 2024-02-29**
- Allow resigning of JWS tokens during fuzzing (Thanks to [@BafDyce](https://github.com/BafDyce)).

**2.1.1 2024-01-22**
- Use split panes to improve JWT editor with small screens or large font sizes (Thanks to [@eldstal](https://github.com/eldstal)).

**2.1 2024-01-01**
- Allow key IDs to be set before keys generated.
- Make symmetric and asymmetric key dialogs consistent.
- Fix bug allowing keys with duplicate IDs.


**2.0.2 2023-12-13**
- Fix memory leaks when deleting tabs containing JWTs.


**2.0.1 2023-10-30**
- Generate valid URL's when embedding Collaborator payloads within *x5u* and *jku* headers.


**2.0 2023-07-08**

Forked from [Fraser Winterborn](https://uk.linkedin.com/in/fraser-winterborn-198b8a129)'s version (original [repository](https://github.com/blackberry/jwt-editor)).
* Payload processing rule to support fuzzing within JWS.
* Insertion point provider for JWS header parameters.
* JWT highlighting within WebSocket messages.
* Update to Java 17 and PortSwigger's new Montoya API.
* Add ability to enable/disable JWT highlighting within proxied messages and to change highlight color.
* Add ability to inject Collaborator payloads into x5u and jku headers.
* Fix issue where invalid JWS's not recognised.
* Add ability to export keys as a JWK set.
* Add ability to sign with empty keys (CVE-2019-20933).
* Add ability to sign with psychic signatures (CVE-2022-21449).
* Color sections of serialized JWT differently.
* Remove standalone mode.
* Minor bug fixes and enhancements.
The complete changelog, which also includes prior versions, can be found [here](https://github.com/DolphFlynn/jwt-editor/blob/main/CHANGELOG.md).

## Loading JWT Editor
The easiest way of obtaining *JWT Editor* is via Burp Suite's [BAppStore](https://portswigger.net/bappstore/26aaa5ded2f74beea19e2ed8345a93dd).
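
Review bot: The new "Recent Changes" section in README.md hardcodes the release number and date (`The last release was tagged [2.5](...) on 2025-01-13`) and keeps the four 2.5 bullets that CHANGELOG.md now also carries. Every release will need the same edit in two files and the README copy will go stale if one is missed. Consider reducing the section to the single link to CHANGELOG.md, or documenting in the release checklist that both files must be updated together. The link text `[here]` would also read better as descriptive text such as the file name.
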