Co to jest DOM based XSS finder?

DOM based XSS finder to rozszerzenie Chrome opracowane przez askn, a jego główną funkcją jest „A Chrome extension for finding DOM based XSS vulnerabilities”.

Zrzuty ekranu rozszerzenia

Pobierz plik CRX rozszerzenia DOM based XSS finder

Pobierz pliki rozszerzeń DOM based XSS finder w formacie crx, zainstaluj ręcznie rozszerzenia Chrome w przeglądarce lub udostępnij pliki crx znajomym, aby łatwo zainstalować rozszerzenia Chrome.

Instrukcja Użytkowania Rozszerzenia

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Podstawowe informacje o rozszerzeniu

Nazwa	DOM based XSS finder
ID	ngmdldjheklkdchgkgnjoaabgejcnnoi
Oficjalny URL	https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Opis	A Chrome extension for finding DOM based XSS vulnerabilities
Rozmiar pliku	2.46 MB
Liczba instalacji	2,000
Aktualna Wersja	1.0.0
Ostatnia Aktualizacja	2021-11-19
Data Publikacji	2020-02-05
Ocena	2.50/5 Łącznie 2 Oceny
Deweloper	askn
E-mail	[email protected]
Typ Płatności	free
Strona Rozszerzenia	https://github.com/AsaiKen/dom-based-xss-finder
Obsługiwane Języki	en
manifest.json
{ "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx", "name": "DOM based XSS finder", "version": "1.0.0", "manifest_version": 2, "description": "A Chrome extension for finding DOM based XSS vulnerabilities", "permissions": [ "storage", "webNavigation", "tabs", ":\/\/\/", "debugger", "unlimitedStorage" ], "icons": { "16": "images\/app_icon_16.png", "128": "images\/app_icon_128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'", "browser_action": { "default_icon": "images\/icon-black.png", "default_title": "DOM based XSS finder", "default_popup": "popup.html" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "options_ui": { "page": "options.html", "open_in_tab": true } }