O que é DOM based XSS finder?

DOM based XSS finder é uma extensão do Chrome desenvolvida por askn, e sua principal característica é "A Chrome extension for finding DOM based XSS vulnerabilities".

Capturas de Tela da Extensão

Baixar o arquivo CRX da Extensão DOM based XSS finder

Baixe arquivos de extensão DOM based XSS finder no formato crx, instale manualmente as extensões do Chrome no navegador ou compartilhe os arquivos crx com amigos para instalar facilmente as extensões do Chrome.

Instruções de Uso da Extensão

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Informações Básicas da Extensão

Nome	DOM based XSS finder
ID	ngmdldjheklkdchgkgnjoaabgejcnnoi
URL Oficial	https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Descrição	A Chrome extension for finding DOM based XSS vulnerabilities
Tamanho do Arquivo	2.46 MB
Contagem de Instalações	2,000
Versão Atual	1.0.0
Última Atualização	2021-11-19
Data de Publicação	2020-02-05
Classificação	2.50/5 Total de 2 Avaliações
Desenvolvedor	askn
Email	[email protected]
Tipo de Pagamento	free
Site da Extensão	https://github.com/AsaiKen/dom-based-xss-finder
Idiomas Suportados	en
manifest.json
{ "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx", "name": "DOM based XSS finder", "version": "1.0.0", "manifest_version": 2, "description": "A Chrome extension for finding DOM based XSS vulnerabilities", "permissions": [ "storage", "webNavigation", "tabs", ":\/\/\/", "debugger", "unlimitedStorage" ], "icons": { "16": "images\/app_icon_16.png", "128": "images\/app_icon_128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'", "browser_action": { "default_icon": "images\/icon-black.png", "default_title": "DOM based XSS finder", "default_popup": "popup.html" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "options_ui": { "page": "options.html", "open_in_tab": true } }