Что такое DOM based XSS finder?

DOM based XSS finder - это расширение Chrome, разработанное askn, и его основная функция - "A Chrome extension for finding DOM based XSS vulnerabilities".

Снимки экрана расширения

Скачать файл CRX расширения DOM based XSS finder

Скачайте файлы расширений DOM based XSS finder в формате crx, установите расширения Chrome вручную в браузере или поделитесь файлами crx с друзьями, чтобы легко установить расширения Chrome.

Инструкции по использованию расширения

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**

Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.

Основная информация о расширении

Название	DOM based XSS finder
ID	ngmdldjheklkdchgkgnjoaabgejcnnoi
Официальный URL	https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi
Описание	A Chrome extension for finding DOM based XSS vulnerabilities
Размер файла	2.46 MB
Количество установок	2,000
Текущая Версия	1.0.0
Последнее Обновление	2021-11-19
Дата публикации	2020-02-05
Рейтинг	2.50/5 Всего 2 оценок
Разработчик	askn
Электронная почта	[email protected]
Тип оплаты	free
Официальный сайт расширения	https://github.com/AsaiKen/dom-based-xss-finder
Поддерживаемые языки	en
manifest.json
{ "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx", "name": "DOM based XSS finder", "version": "1.0.0", "manifest_version": 2, "description": "A Chrome extension for finding DOM based XSS vulnerabilities", "permissions": [ "storage", "webNavigation", "tabs", ":\/\/\/", "debugger", "unlimitedStorage" ], "icons": { "16": "images\/app_icon_16.png", "128": "images\/app_icon_128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'", "browser_action": { "default_icon": "images\/icon-black.png", "default_title": "DOM based XSS finder", "default_popup": "popup.html" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "options_ui": { "page": "options.html", "open_in_tab": true } }