All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added editable human-readable versions of `iat` and `exp` fields
- Added dark/light theme switcher
- Added update checking button
- Added "Copy as CSV" function for attack payloads
- Added more copy buttons around the UI
- Exit on ctrl+Q
- Added interface scaling options
- Persist UI scaling and dark/light mode selection
- Set default window size to 1280x1024
- GUI elements now fill the width of the window
- Added null signature attack
- Updated dependencies, removing security bugs in openssl, xcb, and nix
- Added signature type `RETAIN` to copy the original signature straight into the re-encoded token
- Added button to copy all attacks to clipboard
- Added support for ES256, ES384, and ES512 ECDSA signatures
- Added support for RSASSA-PKCS1-v1_5 signatures using SHA256, SHA384, and SHA512
- Fixed broken Windows build
- Add UI buttons to delete generated tokens and clear the entire list
- Add UI button to clear log entries
- If no secret is provided, guess common values before validating the signature
- Include build version and date in the title
- Added `libxcb-render0` to deb dependencies
Initial release. Features:
- Decode JWTs and inspect the headers and claims
- Automatically try some common secrets
- Generate `alg:none` attack payloads
- Easily update `iat` and `exp` with various offsets
- Sign and encode tokens with common algorithms
- Accept and encode invalid JSON payloads