DOM based XSS finder
A Chrome extension for finding DOM based XSS vulnerabilities
DOM based XSS finderとは何ですか?
DOM based XSS finderはasknによって開発されたChromeの拡張機能で、その主な機能は「A Chrome extension for finding DOM based XSS vulnerabilities」です。
拡張機能のスクリーンショット
DOM based XSS finder拡張機能のCRXファイルをダウンロード
DOM based XSS finder拡張子のファイルをcrx形式でダウンロードし、ブラウザにChrome拡張機能を手動でインストールするか、crxファイルを友達と共有して簡単にChrome拡張機能をインストールします。
拡張機能の使用方法
"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
This extension is actively developed. More features will be added in later versions.
**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**
Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url. 拡張機能の基本情報
| 名前 |  DOM based XSS finder |
| ID | ngmdldjheklkdchgkgnjoaabgejcnnoi |
| 公式URL | https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi |
| 説明 | A Chrome extension for finding DOM based XSS vulnerabilities |
| ファイルサイズ | 2.46 MB |
| インストール数 | 2,000 |
| 現在のバージョン | 1.0.0 |
| 最終更新日 | 2021-11-19 |
| 公開日 | 2020-02-05 |
| 評価 | 2.50/5 合計 2 レビュー |
| 開発者 | askn |
| Eメール | [email protected] |
| 支払い方法 | free |
| 拡張機能のウェブサイト | https://github.com/AsaiKen/dom-based-xss-finder |
| 対応言語 | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "DOM based XSS finder",
"version": "1.0.0",
"manifest_version": 2,
"description": "A Chrome extension for finding DOM based XSS vulnerabilities",
"permissions": [
"storage",
"webNavigation",
"tabs",
"*:\/\/*\/",
"debugger",
"unlimitedStorage"
],
"icons": {
"16": "images\/app_icon_16.png",
"128": "images\/app_icon_128.png"
},
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"browser_action": {
"default_icon": "images\/icon-black.png",
"default_title": "DOM based XSS finder",
"default_popup": "popup.html"
},
"background": {
"scripts": [
"background.js"
],
"persistent": true
},
"options_ui": {
"page": "options.html",
"open_in_tab": true
}
} | |
