Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nccgroup/tracy
A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
browser-extension chrome chrome-extension firefox firefox-addon security security-tools xss xss-detection
Last synced: 19 days ago
- Host: GitHub
- URL: https://github.com/nccgroup/tracy
- Owner: nccgroup
- License: mit
- Created: 2018-04-17T20:54:05.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-03-06T17:30:26.000Z (almost 2 years ago)
- Last Synced: 2024-11-14T09:02:51.047Z (28 days ago)
- Topics: browser-extension, chrome, chrome-extension, firefox, firefox-addon, security, security-tools, xss, xss-detection
- Language: JavaScript
- Homepage: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/tracy-because-tracing-user-input-through-javascript-is-for-tools/
- Size: 19.5 MB
- Stars: 553
- Watchers: 25
- Forks: 68
- Open Issues: 22
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. (Exploitation / XSS Injection)
README
## Tracy
A pentesting tool designed to assist with finding all sinks and sources of a web
application and display these results in a digestible manner. `tracy` should be used
during the mapping-the-application phase of the pentest to identify sources of input
and their corresponding outputs. `tracy` can use this data to intelligently find
vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

`tracy` is a browser extension that records all user input
to a web application and monitors any time those inputs are output, for example in a
DOM write, server response, or call to `eval`.

For guides and reference materials about `tracy`, see [the documentation](https://github.com/nccgroup/tracy/wiki).
## Installation
Tracy is now only a browser extension! No more binaries, just download it from the Chrome or Firefox store.
* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/tracyplugin/)
* [Chrome](https://chrome.google.com/webstore/detail/tracy/lcgbimfijafcjjijgjoodgpblgmkckhn)

And that's it! As long as tracy is installed in your browser, you are ready to find XSS. There are no longer
any requirements to configure a proxy or certificates.