首页 开发者工具 Tracy

Tracy

用户数 : 594 分类 : 开发者工具 扩展大小 : 1.46MiB 最后更新时间 : 2020-05-11 版本 : 0.7.8
                            There are many different ways to trigger XSS, especially considering the large number of frontend frameworks that have been made popular in the last few years. For example, some of the less traditional ways of exploiting XSS can be through:

* DOM clobbering
* DOM injection
* Frontend template injection
* Backend template injection
* Open redirects

These attack vectors are significantly different than traditional stored and reflected XSS cases and they require new tools for finding them effectively.

Many similar tools only look for server response reflection, however this is not very helpful if all output encoding is performed by the frontend. In order to really gain knowledge about all the true sinks of the application, we need a tool that grants us "X-ray vision into the DOM".

This extensions was written with the goal of eliminating XSS by assisting a  penetration tester in identifying every source of input into an application and following that input to all of its sinks. These cases are documented and stored as references that can be used to identify the locations of potentially risky input.
                        
查看更多
下载 如何离线安装? Chrome store

分享

全部评论

    展开更多评论

    错误提示保存失败
    成功提示保存成功
    close
    qr-code

    为打击盗链困扰,本站已启用公众号验证
    微信扫码关注上方公众号,回复“插件”二字获得验证码,验证码5分钟内全站有效。

    正在验证
    验证成功
    下载遇到问题?请添加QQ群:398095333
    close
    qr-code

    为打击盗链困扰,本站已启用公众号验证
    微信扫码关注上方公众号,回复“脚本”二字获得验证码,验证码5分钟内全站有效。

    正在验证
    验证成功