DOM based XSS finder
A Chrome extension for finding DOM based XSS vulnerabilities
什么是DOM based XSS finder?
DOM based XSS finder是由askn开发的Chrome扩展程序,该扩展的主要功能是“A Chrome extension for finding DOM based XSS vulnerabilities”。
扩展截图
下载DOM based XSS finder扩展crx文件
下载DOM based XSS finder扩展crx格式的文件,手动将Chrome插件安装到浏览器中,也可以将crx文件分享给朋友,轻松安装Chrome插件。
扩展使用说明
"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
This extension is actively developed. More features will be added in later versions.
**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**
Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url. 扩展基本信息
| 名称 |  DOM based XSS finder |
| ID | ngmdldjheklkdchgkgnjoaabgejcnnoi |
| 官方URL | https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi |
| 简介 | A Chrome extension for finding DOM based XSS vulnerabilities |
| 文件大小 | 2.46 MB |
| 安装次数 | 2,000 |
| 当前版本 | 1.0.0 |
| 更新时间 | 2021-11-19 |
| 上架时间 | 2020-02-05 |
| 评分 | 2.50/5 共2次评分 |
| 开发者 | askn |
| 电子邮箱 | [email protected] |
| 付费类型 | free |
| 扩展官网 | https://github.com/AsaiKen/dom-based-xss-finder |
| 支持的语言 | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "DOM based XSS finder",
"version": "1.0.0",
"manifest_version": 2,
"description": "A Chrome extension for finding DOM based XSS vulnerabilities",
"permissions": [
"storage",
"webNavigation",
"tabs",
"*:\/\/*\/",
"debugger",
"unlimitedStorage"
],
"icons": {
"16": "images\/app_icon_16.png",
"128": "images\/app_icon_128.png"
},
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"browser_action": {
"default_icon": "images\/icon-black.png",
"default_title": "DOM based XSS finder",
"default_popup": "popup.html"
},
"background": {
"scripts": [
"background.js"
],
"persistent": true
},
"options_ui": {
"page": "options.html",
"open_in_tab": true
}
} | |
