插件简介
A Chrome extension for finding DOM based XSS vulnerabilities
"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
This extension is actively developed. More features will be added in later versions.
**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**
Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.
其他信息
ID ngmdldjheklkdchgkgnjoaabgejcnnoi
版本 1.0.0 上次更新日期 2021年11月19日 大小 2.46MiB 语言 支持1
种语言 开发者 适用浏览器
谷歌浏览器、其他Chromium内核的浏览器
DOM based XSS finder Chrome插件下载
为打击盗链困扰,本站已启用人机验证
微信扫码关注左侧公众号,发送“插件”二字获得验证码,验证码5分钟全站有效