Was ist DOM based XSS finder?

DOM based XSS finder ist eine Chrome-Erweiterung, die von askn entwickelt wurde, und ihr Hauptmerkmal ist "A Chrome extension for finding DOM based XSS vulnerabilities".

Erweiterungsscreenshots

DOM based XSS finder-Erweiterungs-CRX-Datei herunterladen

Laden Sie DOM based XSS finder-Erweiterungsdateien im crx-Format herunter, installieren Sie Chrome-Erweiterungen manuell im Browser oder teilen Sie die crx-Dateien mit Freunden, um Chrome-Erweiterungen einfach zu installieren.

Anleitung zur Verwendung der Erweiterung

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Grundlegende Informationen zur Erweiterung

Name	DOM based XSS finder
ID	ngmdldjheklkdchgkgnjoaabgejcnnoi
Offizielle URL	https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Beschreibung	A Chrome extension for finding DOM based XSS vulnerabilities
Dateigröße	2.46 MB
Installationsanzahl	2,000
Aktuelle Version	1.0.0
Letztes Update	2021-11-19
Veröffentlichungsdatum	2020-02-05
Bewertung	2.50/5 Insgesamt 2 Bewertungen
Entwickler	askn
E-Mail	[email protected]
Zahlungsart	free
Erweiterungswebsite	https://github.com/AsaiKen/dom-based-xss-finder
Unterstützte Sprachen	en
manifest.json
{ "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx", "name": "DOM based XSS finder", "version": "1.0.0", "manifest_version": 2, "description": "A Chrome extension for finding DOM based XSS vulnerabilities", "permissions": [ "storage", "webNavigation", "tabs", ":\/\/\/", "debugger", "unlimitedStorage" ], "icons": { "16": "images\/app_icon_16.png", "128": "images\/app_icon_128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'", "browser_action": { "default_icon": "images\/icon-black.png", "default_title": "DOM based XSS finder", "default_popup": "popup.html" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "options_ui": { "page": "options.html", "open_in_tab": true } }