v0.5.0

[v0.5.0] - 2022-07-09

Added

• Added editable human-readable versions of iat and exp fields
• Added dark/light theme switcher
• Added update checking button
• Added "Copy as CSV" function for attack payloads
• Added more copy buttons around the UI
• Exit on ctrl+Q
• Added interface scaling options
• Persist UI scaling and dark/light mode selection

Changed

• Set default window size to 1280x1024
• GUI elements now fill the width of the window

v0.4.1

[v0.4.1] - 2022-07-07

Added

• Added null signature attack

Security

• Updated dependencies, removing security bugs in openssl, xcb, and nix

v0.4.0

[v0.4.0]

Added

• Added signature type RETAIN to copy the original signature straight into the re-encoded token
• Added button to copy all attacks to clipboard
• Added support for ES256, ES384, and ES512 ECDSA signatures
• Added support for RSASSA-PKCS1-v1_5 signatures using SHA256, SHA384, and SHA512

v0.3.1

[v0.3.1]

Fixed

• Fixed broken Windows build

v0.3.0

[v0.3.0]

Added

• Add UI buttons to delete generated tokens and clear the entire list
• Add UI button to clear log entries

v0.2.0

[v0.2.0]

Changed

• If no secret provided then guess common values before validating the signature
• Include build version and date in the title
• Added libxcb-render0 to deb dependencies

v0.1.0

[v0.1.0]

Initial release. Features:

• Decode JWTs and inspect the headers and claims
• Automatically try some common secrets
• Generate alg:none attack payloads
• Easily update iat and exp with various offsets
• Sign and encode tokens with common algorithms