{"id":13636705,"url":"https://github.com/bayotop/sink-logger","last_synced_at":"2025-04-19T08:33:00.112Z","repository":{"id":173607821,"uuid":"132758974","full_name":"bayotop/sink-logger","owner":"bayotop","description":"Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.","archived":true,"fork":false,"pushed_at":"2022-07-20T14:21:13.000Z","size":184,"stargazers_count":50,"open_issues_count":0,"forks_count":13,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-09T06:38:49.690Z","etag":null,"topics":["burp","burp-extensions","domxss","javascript","jython"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bayotop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-05-09T13:12:32.000Z","updated_at":"2024-10-03T05:13:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"ec675b8b-d9dd-484a-aedc-6c49b4860041","html_url":"https://github.com/bayotop/sink-logger","commit_stats":{"total_commits":16,"total_committers":5,"mean_commits":3.2,"dds":0.3125,"last_synced_commit":"493230907f5e5199952fbfc47d72aed87b21c729"},"previous_names":["bayotop/sink-logger"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bayotop%2Fsink-logger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bayotop%2Fsink-logger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bayotop%2Fsink-logger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bayot
op%2Fsink-logger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bayotop","download_url":"https://codeload.github.com/bayotop/sink-logger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249650369,"owners_count":21305998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","burp-extensions","domxss","javascript","jython"],"created_at":"2024-08-02T00:01:04.297Z","updated_at":"2025-04-19T08:32:59.823Z","avatar_url":"https://github.com/bayotop.png","language":"Python","funding_links":[],"categories":["Python","Logging and Notes","\u003ca id=\"9522b6866834eb0ce3563b27921745a4\"\u003e\u003c/a\u003e工具"],"sub_categories":["Template Injection","SSRF","\u003ca id=\"285c52a4e04dd2f86646c8e1235c9332\"\u003e\u003c/a\u003e工具"],"readme":"**This repository is no longer maintained. See https://portswigger.net/burp/documentation/desktop/tools/dom-invader instead.**\n\n# sink-logger\n\nTransparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.\n\n### Description\n\nSink Logger is a Burp Suite Extension that lets you transparently monitor various JavaScript sinks. All data passed into the defined sinks is logged to the browser's console. 
This is done by injecting a custom [Proxy](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy) initialization script into chosen HTTP responses and \"proxifying\" all sinks.\n\n![Logs](sink-logger.png?raw=true \"Sink Logger Filtered\")\n\n### Technical details\n\nThe extension intercepts responses and does 2 major things:\n\n- In case the response is HTML or JavaScript it injects a script initializing a custom Proxy.\n```JS\nvar QF9iYXlvdG9w = QF9iYXlvdG9w || new Proxy({}, {\n    set: function(target, key, value, receiver) {\n        if (value != undefined \u0026\u0026 value !== \"\") {\n            if ((value + \"\").startsWith(\"[object\")) {\n                try {\n                    var svalue = JSON.stringify(value);\n                } catch(error) {}\n            }\n            console.warn(`Sink log (${key}): ${svalue !== undefined ? svalue : value}`);\n        }\n        return Reflect.set(target, key, value, receiver);\n    }\n});\n```\n- It \"proxifies\" all sinks. Currently 3 different sink types are supported: **.innerHTML**, **eval()** and **document.write()**.\n```python\nself.sinkPatterns = {\n    # pattern: replacement passed into re.sub()\n    r'\\.innerHTML=': '.innerHTML=QF9iYXlvdG9w.innerHTML=',\n    r'eval\\(([^)])': r'eval(QF9iYXlvdG9w.eval=\\1',\n    r'document\\.write\\(([^)])': r'document.write(QF9iYXlvdG9w.write=\\1'\n}\n```\n\n*Note: You can easily add custom sinks, or any other assignment / method call you want to proxify, by extending this dictionary. 
No other code changes are needed.*\n\n\"Proxifying\" a sink means editing existing JavaScript so that every sink is preceded by an assignment to the proxy:\n\n```JS\nx.innerHTML=x.trim(); // becomes x.innerHTML=QF9iYXlvdG9w.innerHTML=x.trim();\ndocument.write(\"string\"); // becomes document.write(QF9iYXlvdG9w.write=\"string\");\n```\n\nNo semantic changes, no syntax errors (please report an issue if you find out otherwise).\n\n### Remarks\n\n- During the process, CSP headers (and the `\u003cmeta\u003e` tag) as well as SRI checks are stripped. **This puts you at risk when surfing the web**.\n- Websites may break. The aim is to be completely transparent; in some cases, however, the modifications may result in invalid JavaScript syntax or otherwise break web-apps. Please consider reporting an issue if you encounter such behavior.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbayotop%2Fsink-logger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbayotop%2Fsink-logger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbayotop%2Fsink-logger/lists"}