{"id":13762848,"url":"https://github.com/kevin-mizu/domloggerpp","last_synced_at":"2026-04-07T21:02:52.405Z","repository":{"id":203559926,"uuid":"709872432","full_name":"kevin-mizu/domloggerpp","owner":"kevin-mizu","description":"A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. ","archived":false,"fork":false,"pushed_at":"2025-10-24T13:52:58.000Z","size":14233,"stargazers_count":710,"open_issues_count":13,"forks_count":73,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-10-24T15:36:33.467Z","etag":null,"topics":["detection","pentesting","web"],"latest_commit_sha":null,"homepage":"https://x.com/kevin_mizu","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kevin-mizu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"kevin-mizu","buy_me_a_coffee":"kevin.mizu"}},"created_at":"2023-10-25T15:04:02.000Z","updated_at":"2025-10-24T13:50:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"8a0e2975-8fa7-4b75-9c61-794f674f9316","html_url":"https://github.com/kevin-mizu/domloggerpp","commit_stats":null,"previous_names":["kevin-mizu/domloggerpp"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/kevin-mizu/domloggerpp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevin-mizu%2Fdomloggerpp","tags_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/repositories/kevin-mizu%2Fdomloggerpp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevin-mizu%2Fdomloggerpp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevin-mizu%2Fdomloggerpp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kevin-mizu","download_url":"https://codeload.github.com/kevin-mizu/domloggerpp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevin-mizu%2Fdomloggerpp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31528752,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection","pentesting","web"],"created_at":"2024-08-03T14:00:59.016Z","updated_at":"2026-04-07T21:02:52.399Z","avatar_url":"https://github.com/kevin-mizu.png","language":"JavaScript","funding_links":["https://github.com/sponsors/kevin-mizu","https://buymeacoffee.com/kevin.mizu"],"categories":["Weapons","JavaScript"],"sub_categories":["Browser Addons"],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./.github/banner.png\" width=\"80%\"\u003e\u003cbr\u003e\n    A browser 
extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.\n    \u003cbr\u003e\n    \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/kevin-mizu/DOMLoggerpp\"\u003e\n    \u003ca href=\"https://twitter.com/intent/follow?screen_name=kevin_mizu\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=kevin_mizu\u0026style=social\"\u003e\u003c/a\u003e\n    \u003cbr\u003e\n\u003c/p\u003e\n\n## 📦 Installation\n\n**From extension stores**:\n\n- Firefox: https://addons.mozilla.org/en-US/firefox/addon/domloggerpp\n- Chromium: https://chrome.google.com/webstore/detail/domlogger%2B%2B/lkpfjhmpbmpflldmdpdoabimdbaclolp\n- Safari: Not yet available.\n\n**Manual installation**:\n\nDownload the latest release: https://github.com/kevin-mizu/domloggerpp/releases/\n\n- Firefox: Go to `about:debugging#/runtime/this-firefox` and click on `Load Temporary Add-on`.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./.github/images/firefox_manual.png\"\u003e\n\u003c/p\u003e\n\n- Chromium: Go to `chrome://extensions/`, enable `Developer mode` and click on `Load unpacked`.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./.github/images/chromium_manual.png\"\u003e\n\u003c/p\u003e\n\n*If you want to build the extension yourself, check the [app](./app/) folder.*\n\n\u003cbr\u003e\n\n## 🌟 Features\n\n- [x] Regex-based domain management.\n- [x] Flexible hooking configuration (`class`, `function`, `attribute`, `event`).\n- [x] Regex-based filtering of hook arguments and stack traces (`match`, `!match`, `matchTrace`, `!matchTrace`).\n- [x] Dynamic regex generation (`exec:`).\n- [x] Dynamic updates of sink arguments (`beforeEnter`, `afterEnter`).\n- [x] Customizable notifications system (`alert`, `notification`).\n- [x] Required hook logging condition (`requiredHook`).\n- [x] On-demand debugging breakpoints.\n- [x] Integrated Devtools log panel.\n- [x] 
Response headers filtering.\n- [x] Remote logging via webhooks.\n- [x] Extensive theme customization.\n\n\u003cbr\u003e\n\n## 📝 Usage example\n\nhttps://github.com/kevin-mizu/domloggerpp/assets/48991194/d6ac9f90-0f44-4cd2-a5e6-890cd44b0aeb\n\n\u003cbr\u003e\n\n## 🛠️ Devtools\n\n![](./.github/images/devtools.png)\n\n1. `Custom filter buttons`: Dynamically generated from your custom settings, these buttons facilitate log filtering.\n2. `Data/Canary search bar`: Easily filter and highlight logs using specific criteria related to a sink's args data.\n3. `Advanced column search`: Tailor your search to specific column criteria, like `sink=innerHTML;frame=top`, for more refined results.\n4. `Global search bar`: This default datatable feature enables searching across all columns.\n5. `Debug button`: Navigate directly to the page triggering the sink, with an automatic breakpoint for debugging.\n6. `Log data management buttons`:\n   - Import JSON log data.\n   - Clear existing log data.\n   - Export log data in JSON format.\n\n\u003cbr\u003e\n\n## 💬 Popup\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./.github/images/popup.png\" width=\"262\" height=\"450\"\u003e\n\u003c/p\u003e\n\n- `Domains`: Define allowed domains using regex to specify from which sites you'd like to receive logs.\n- `Hooking`: Choose the hooking configuration to apply on the selected website.\n- `Misc`: Enable or disable specific configuration settings.\n    * `PwnFox support`: Allow all the [PwnFox](https://github.com/yeswehack/PwnFox) containers (Firefox only).\n    * `Remove response headers`: Removes response headers according to your configuration file.\n\u003cbr\u003e\n\n## ⚙️ Settings\n\nhttps://github.com/kevin-mizu/domloggerpp/assets/48991194/0827eef3-6c16-42fc-b84d-d8ea16def6bf\n\n- `Settings`: Manage your hooking configurations - create, edit, modify, and remove as per your needs.\n- `Domains`: Easily manage allowed domains, similar to the functionality in the popup menu.\n- 
`Webhook`: Specify a remote host that will receive logs based on your configuration settings.\n- `Devtools`: If you're using a backend server and prefer not to display information in your devtools panel, this section lets you disable that feature.\n- `Table`: Personalize the devtools tables to align with your preferences.\n- `Customize`: Personalize the application's theme to align with your preferences.\n\n\u003cbr\u003e\n\n## 🔗 Hooking configuration\n\n### Global JSON structure\n\n```json\n{\n    \"_description\": \"JSON config example\",\n\n    \"hooks\": {\n        \"category\": {\n            \"type_1\": [ \"sink_1\", \"sink_2\" ],\n            \"type_2\": [ \"sink_1\", \"sink_2\" ]\n        }\n    },\n\n    \"config\": {\n        \"*\": {},\n        \"sink_1\": {\n            \"match\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n            \"!match\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n            \"matchTrace\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n            \"!matchTrace\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n            \"beforeEnter\": \"return args\",\n            \"afterEnter\": \"return args\",\n            \"requiredHook\": [ \"type_2\" ],\n            \"alert\": {\n                \"match\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n                \"!match\": [ \"regex_1\", \"regex_2\", \"exec:return 'regex_3'\" ],\n                \"notification\": true\n            },\n            \"showThis\": true\n        }\n    },\n\n    \"globals\": {\n        \"Blacklist\": [ \"api\", \"app\" ]\n    },\n\n    \"onload\": \"console.log(1)\",\n\n    \"removeHeaders\": [ \"content-security-policy\" ]\n}\n```\n\n*None of the specified keys in the configuration are mandatory; they can be managed to fit specific needs or omitted as desired.*\n\n### _Description\n\nThis key aims to provide a way to insert notes within the configuration JSON itself. 
The value can be whatever you want as long as the JSON remains valid.\n\n### Hooks\n\n- `category`: Acts as a filter in the devtools panel, helping you organize and identify the sinks.\n- `type_X`: Specifies the type of sink you're targeting. The possible types are:\n    + class\n    + attribute\n    + function\n    + event\n- `sink_X`: This denotes the name of the sink that needs to be hooked; the notation varies based on type:\n    + `class` \u0026 `function`: Use the target name directly, such as `URLSearchParams`.\n    + `event`: Only use the event name. For instance, for the `onmessage` event, simply use `message`.\n    + `attribute`: Prefix with `set:` and/or `get:` as appropriate. An example would be `set:Element.prototype.innerHTML`.\n\n### Config\n\n- `sink`: Refers to the target sink to be configured. It's essential for this to be present in the hooks section.\n- `match` || `matchTrace`: An array of regular expressions. The `parameters` || `stack trace` of the sink must match these patterns.\n- `!match` || `!matchTrace`: An array of regular expressions that the `parameters` || `stack trace` of the sink should not match.\n- `beforeEnter` || `afterEnter`: This key should contain a raw JavaScript function that will be executed before/after the sink itself (and before any DOMLogger++ checks). The function receives 3 arguments: `target`, `thisArg`, and `args`, all of which refer to the currently identified sink. For example, using `return [args[0] + '*2']` on `eval('2')` will result in `4`.\n- `requiredHook`: Specifies a list of hooks or sinks that must be triggered at least once before the target sinks start logging information. 
An example of this can be found in the [leverage-innerHTML.json](./configs/leverage-innerHTML.json) configuration file.\n- `alert`: Triggers an alert badge on the extension icon based on specific conditions.\n    + `match` \u0026 `!match`: Additional regular expressions that the sink parameters must match or avoid, respectively, in order to trigger the alert.\n    + `notification`: If set to `true`, a notification popup will appear when all conditions are satisfied.\n- `showThis`: If set to `true`, the `this=` object will be logged in the context of a function call.\n\nSince version `1.0.4`, it is possible to use the `exec:` regex directive, which allows you to generate a regex from JavaScript execution. For instance: `exec:return document.location.pathname`.\n\n*For more detailed examples and insights, please refer to the [configs](./configs/) folder.*\n\n### globals\n\nThe content of this key will be accessible in the `domlogger.globals` variable. It is designed to facilitate the modification of specific variables used in the `exec:`, `beforeEnter`, or `afterEnter` directives. An example of its usage can be found in the [cspt.json](./configs/cspt.json) configuration file.\n\n### onload\n\nThis key should contain a raw JavaScript function that will be executed after DOMLogger++ has loaded.\n\n### removeHeaders\n\nThis key lets you provide a list of response headers (in lower case) that you want to remove if the remove headers feature is enabled. 
This is especially useful for removing security headers during tests.\n\n\u003cbr\u003e\n\n## ⌨ Shortcuts\n\nhttps://github.com/user-attachments/assets/9855e9e9-9c98-4284-821c-52d877390569\n\n**From any page**\n- `[ALT] + [SHIFT] + [P]`: Opens the popup.\n- `[ALT] + [SHIFT] + [O]`: Opens the options page.\n\n**From the options config editor**\n- `[ALT] + [A]`: Add a new config.\n- `[ALT] + [R]`: Rename a config.\n- `[ALT] + [SHIFT] + [DELETE]`: Delete a config.\n\n\u003cbr\u003e\n\n## 🧰 Workshops\n\n- [GreHack](https://x.com/GrehackConf) 2024 ([source](./workshops/grehack2024/)): http://domloggerpp-workshop.mizu.re:5173/\n\n\u003cbr\u003e\n\n## 🖥️ Backend\n\nNot yet developed.\n\n\u003cbr\u003e\n\n## 🗺️ Road map\n\n- Set up an integrated backend server.\n- Improve the scaling of the devtools panel.\n- Find a way to hook the document.location property.\n- Simplify headless browser compatibility.\n- Fix a DOS with Reflect.apply, this.nodeName.toLowerCase... 
hooking.\n- Fix the devtools goto button when the sink is reached within an iframe (it should redirect to the top frame).\n- Find a way to avoid document.write breaking the extension.\n- Find out why hooking eval crashes on Cloudflare challenges (looping over the eval getter...).\n\n\u003cbr\u003e\n\n## 🤝 Contributors\n\nMany people have helped, and still help, DOMLogger++ become what it is, and they need to be acknowledged here!\n\n[villu164](https://github.com/villu164), [@abdilahrf](https://x.com/abdilahrf), [@busf4ctor](https://x.com/busf4ctor), [@_Worty](https://x.com/_Worty), [owalid](https://github.com/owalid), [@xanhacks](https://twitter.com/xanhacks), [@kire_devs_hacks](https://twitter.com/kire_devs_hacks), [aristosMiliaressis](https://github.com/aristosMiliaressis), [@MtnBer](https://twitter.com/MtnBer), [@FeelProud_sec](https://twitter.com/FeelProud_sec), [@jonathan404_](https://x.com/jonathan404_), [@PikuHaku](https://x.com/PikuHaku), [@aituglo](https://x.com/aituglo), [@xnl_h4ck3r](https://x.com/xnl_h4ck3r), [AetherBlack](https://github.com/AetherBlack), [@me0wday](https://x.com/me0wday), [@k1ng_pr4wn](https://x.com/k1ng_pr4wn)\n\n*Special thanks to [@BitK\\_](https://twitter.com/BitK_) for the well-structured code in [Pwnfox](https://github.com/yeswehack/PwnFox), it helped me a lot to understand browser extensions ❤️*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkevin-mizu%2Fdomloggerpp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkevin-mizu%2Fdomloggerpp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkevin-mizu%2Fdomloggerpp/lists"}