DOM based XSS finder

A Chrome extension for finding DOM based XSS vulnerabilities

Hvad er DOM based XSS finder?

DOM based XSS finder er en Chrome-udvidelse udviklet af askn, og dens hovedfunktion er "A Chrome extension for finding DOM based XSS vulnerabilities".

Udvidelsesskærmbilleder

screenshot
screenshot
screenshot
screenshot
screenshot

Download DOM based XSS finder-udvidelses-CRX-fil

Download DOM based XSS finder-udvidelsesfiler i crx-format, installer Chrome-udvidelser manuelt i browseren eller del crx-filer med venner for nemt at installere Chrome-udvidelser.

Brugsanvisning til Udvidelsen

                        "DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Grundlæggende oplysninger om udvidelsen

Navn DOM based XSS finder DOM based XSS finder
ID ngmdldjheklkdchgkgnjoaabgejcnnoi
Officiel URL https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Beskrivelse A Chrome extension for finding DOM based XSS vulnerabilities
Filstørrelse 2.46 MB
Antal Installationer 2,000
Nuværende Version 1.0.0
Senest Opdateret 2021-11-19
Udgivelsesdato 2020-02-05
Bedømmelse 2.50/5 Samlet 2 Bedømmelser
Udvikler askn
E-mail [email protected]
Betalingsmetode free
Udvidelseswebsted https://github.com/AsaiKen/dom-based-xss-finder
Understøttede Sprog en
manifest.json 
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "name": "DOM based XSS finder",
    "version": "1.0.0",
    "manifest_version": 2,
    "description": "A Chrome extension for finding DOM based XSS vulnerabilities",
    "permissions": [
        "storage",
        "webNavigation",
        "tabs",
        "*:\/\/*\/",
        "debugger",
        "unlimitedStorage"
    ],
    "icons": {
        "16": "images\/app_icon_16.png",
        "128": "images\/app_icon_128.png"
    },
    "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
    "browser_action": {
        "default_icon": "images\/icon-black.png",
        "default_title": "DOM based XSS finder",
        "default_popup": "popup.html"
    },
    "background": {
        "scripts": [
            "background.js"
        ],
        "persistent": true
    },
    "options_ui": {
        "page": "options.html",
        "open_in_tab": true
    }
}

Relaterede Udvidelser

XSS辅助工具
XSS辅助工具
OWASP Penetration Testing Kit
OWASP Penetration Testing Kit
Hack-Tools
Hack-Tools
Bishop Vulnerability Scanner
Bishop Vulnerability Scanner
HackBar
HackBar
YesWeHack VDP Finder
YesWeHack VDP Finder
CounterXSS
CounterXSS
XSS
XSS
Vulners Web Scanner
Vulners Web Scanner
ZoomEye Tools
ZoomEye Tools
Vulnerability Assessment Swascan
Vulnerability Assessment Swascan
Plugin Vulnerabilities
Plugin Vulnerabilities
Tracy
Tracy
Cyber Web Tools
Cyber Web Tools
Untrusted Types for DevTools
Untrusted Types for DevTools
Information Gathering
Information Gathering
Shodan
Shodan
Display Access Keys
Display Access Keys
Ninja File Collector
Ninja File Collector
Breakbot
Breakbot
retire.js
retire.js
HackBar
HackBar
Monhack
Monhack
FindSomething
FindSomething