DOM based XSS finder

A Chrome extension for finding DOM based XSS vulnerabilities

DOM based XSS finder란 무엇입니까?

DOM based XSS finder은(는) askn에 의해 개발된 Chrome 확장 프로그램으로, 주요 기능은 "A Chrome extension for finding DOM based XSS vulnerabilities"입니다.

확장 프로그램 스크린샷

screenshot
screenshot
screenshot
screenshot
screenshot

DOM based XSS finder 확장 프로그램 CRX 파일 다운로드

크롬 확장 프로그램을 crx 형식으로 다운로드하여 브라우저에 수동으로 설치하거나 crx 파일을 친구들과 공유하여 쉽게 크롬 확장 프로그램을 설치하세요.

확장 프로그램 사용 설명서

                        "DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

확장 프로그램 기본 정보

이름 DOM based XSS finder DOM based XSS finder
ID ngmdldjheklkdchgkgnjoaabgejcnnoi
공식 URL https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
설명 A Chrome extension for finding DOM based XSS vulnerabilities
파일 크기 2.46 MB
설치 횟수 2,000
현재 버전 1.0.0
최근 업데이트 2021-11-19
출시 날짜 2020-02-05
평점 2.50/5 총 2 개의 평점
개발자 askn
이메일 [email protected]
결제 유형 free
확장 프로그램 웹 사이트 https://github.com/AsaiKen/dom-based-xss-finder
지원되는 언어 en
manifest.json 
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "name": "DOM based XSS finder",
    "version": "1.0.0",
    "manifest_version": 2,
    "description": "A Chrome extension for finding DOM based XSS vulnerabilities",
    "permissions": [
        "storage",
        "webNavigation",
        "tabs",
        "*:\/\/*\/",
        "debugger",
        "unlimitedStorage"
    ],
    "icons": {
        "16": "images\/app_icon_16.png",
        "128": "images\/app_icon_128.png"
    },
    "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
    "browser_action": {
        "default_icon": "images\/icon-black.png",
        "default_title": "DOM based XSS finder",
        "default_popup": "popup.html"
    },
    "background": {
        "scripts": [
            "background.js"
        ],
        "persistent": true
    },
    "options_ui": {
        "page": "options.html",
        "open_in_tab": true
    }
}

관련 확장 프로그램

XSS辅助工具
XSS辅助工具
OWASP Penetration Testing Kit
OWASP Penetration Testing Kit
Hack-Tools
Hack-Tools
Bishop Vulnerability Scanner
Bishop Vulnerability Scanner
HackBar
HackBar
YesWeHack VDP Finder
YesWeHack VDP Finder
CounterXSS
CounterXSS
XSS
XSS
Vulners Web Scanner
Vulners Web Scanner
ZoomEye Tools
ZoomEye Tools
Vulnerability Assessment Swascan
Vulnerability Assessment Swascan
Plugin Vulnerabilities
Plugin Vulnerabilities
Tracy
Tracy
Cyber Web Tools
Cyber Web Tools
Untrusted Types for DevTools
Untrusted Types for DevTools
Information Gathering
Information Gathering
Shodan
Shodan
Display Access Keys
Display Access Keys
Ninja File Collector
Ninja File Collector
Breakbot
Breakbot
retire.js
retire.js
HackBar
HackBar
Monhack
Monhack
FindSomething
FindSomething