Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/AsaiKen/dom-based-xss-finder
Chrome extension that finds DOM based XSS vulnerabilities
https://github.com/AsaiKen/dom-based-xss-finder
Last synced: 7 days ago
JSON representation
Chrome extension that finds DOM based XSS vulnerabilities
- Host: GitHub
- URL: https://github.com/AsaiKen/dom-based-xss-finder
- Owner: AsaiKen
- License: mit
- Created: 2020-01-19T20:36:23.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-01-01T16:05:28.000Z (over 1 year ago)
- Last Synced: 2024-02-27T23:36:28.351Z (4 months ago)
- Language: JavaScript
- Size: 1.86 MB
- Stars: 66
- Watchers: 5
- Forks: 10
- Open Issues: 17
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-bugbounty-tools - dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities (Exploitation / XSS Injection)
- awesome-bugbounty-tools - dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities (Exploitation / XSS Injection)
- awesome-bugbounty-tools - dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities (Exploitation / XSS Injection)
- awesome-bugbounty-tools - dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities (Exploitation / XSS Injection)
- awesome-hacking-lists - AsaiKen/dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities (JavaScript)
README
# DOM based XSS finder
"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities. Install it from the [Chrome Webstore](https://chrome.google.com/webstore/detail/dom-based-xss-finder/ngmdldjheklkdchgkgnjoaabgejcnnoi).
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous JavaScript function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
## Usage
**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual
crawling with this extension starting.**
- Click the icon and hit "Start".
- Browse pages that you want to scan.
- If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
- Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
- Click "Check and Generate PoC" in the popup window. You can fuzzing the url.
## License
MIT