Cos'è DOM based XSS finder?

DOM based XSS finder è un'estensione di Chrome sviluppata da askn, e la sua funzione principale è "A Chrome extension for finding DOM based XSS vulnerabilities".

Screenshot dell'Estensione

Scarica il file CRX dell'estensione DOM based XSS finder

Scarica i file di estensione DOM based XSS finder in formato crx, installa manualmente le estensioni di Chrome nel browser o condividi i file crx con gli amici per installare facilmente le estensioni di Chrome.

Istruzioni per l'Uso dell'Estensione

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Informazioni di Base sull'Estensione

Nome	DOM based XSS finder
ID	ngmdldjheklkdchgkgnjoaabgejcnnoi
URL Ufficiale	https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Descrizione	A Chrome extension for finding DOM based XSS vulnerabilities
Dimensione del File	2.46 MB
Conteggio Installazioni	2,000
Versione Corrente	1.0.0
Ultimo Aggiornamento	2021-11-19
Data di Pubblicazione	2020-02-05
Valutazione	2.50/5 Totale 2 Valutazioni
Sviluppatore	askn
Email	[email protected]
Tipo di Pagamento	free
Sito Web dell'Estensione	https://github.com/AsaiKen/dom-based-xss-finder
Lingue Supportate	en
manifest.json
{ "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx", "name": "DOM based XSS finder", "version": "1.0.0", "manifest_version": 2, "description": "A Chrome extension for finding DOM based XSS vulnerabilities", "permissions": [ "storage", "webNavigation", "tabs", ":\/\/\/", "debugger", "unlimitedStorage" ], "icons": { "16": "images\/app_icon_16.png", "128": "images\/app_icon_128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'", "browser_action": { "default_icon": "images\/icon-black.png", "default_title": "DOM based XSS finder", "default_popup": "popup.html" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "options_ui": { "page": "options.html", "open_in_tab": true } }