JOSEPH - JavaScript Object Signing and Encryption Pentesting Helper

This extension helps to test applications that use JavaScript Object Signing and Encryption, including JSON Web Tokens.

Features

• Recognition and marking
• JWS/JWE editors
• (Semi-)Automated attacks
  • Bleichenbacher MMA
  • Key Confusion (aka Algorithm Substitution)
  • Signature Exclusion
• Base64url en-/decoder
• Easy extensibility of new attacks