Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/nccgroup/tracy

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

browser-extension chrome chrome-extension firefox firefox-addon security security-tools xss xss-detection

## Tracy
A pentesting tool designed to assist with finding all sinks and sources of a web
application and display these results in a digestible manner. `tracy` should be used
during the mapping-the-application phase of the pentest to identify sources of input
and their corresponding outputs. `tracy` can use this data to intelligently find
vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

`tracy` is a browser extension that records all user input
to a web application and monitors any time those inputs are output, for example in a
DOM write, server response, or call to `eval`.

For guides and reference materials about `tracy`, see [the documentation](https://github.com/nccgroup/tracy/wiki).

## Installation

Tracy is now only a browser extension! No more binaries, just download it from the Chrome or Firefox store.

* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/tracyplugin/)
* [Chrome](https://chrome.google.com/webstore/detail/tracy/lcgbimfijafcjjijgjoodgpblgmkckhn)

And that's it! As long as tracy is installed in your browser, you are ready to find XSS. There are no longer
any requirements to configure a proxy or certificates.