DOM based XSS finder
大小:2.46MiB版本:v 1.0.0更新时间:2021-12-21
A Chrome extension for finding DOM based XSS vulnerabilities
DOM based XSS finder 的使用方法详解,最全面的教程
DOM based XSS finder 描述:
用户数:2000
分类:开发者工具插件
扩展大小:2.46 MiB
最后更新时间:2021-12-21
版本:v 1.0.0
DOM based XSS finder 插件简介:
这是来自Chrome商店的 DOM based XSS finder 浏览器插件,您可以在当前页面下载它的最新版本安装文件,并安装在Chrome、Edge等浏览器上。
DOM based XSS finder插件下载方法/流程:
点击下载按钮,关注“扩展迷Extfans”公众号并获取验证码,在网页弹窗中输入验证码,即可下载最新安装文件。
DOM based XSS finder插件安装教程/方法:
(1)将扩展迷上下载的安装包文件(.zip)解压为文件夹,其中类型为“crx”的文件就是接下来需要用到的安装文件
(2) 从设置->更多工具->扩展程序 打开扩展程序页面,或者地址栏输入 Chrome://extensions/ 按下回车打开扩展程序页面
(3) 打开扩展程序页面的“开发者模式”
(4) 将crx文件拖拽到扩展程序页面,
完成安装如有其它安装问题,
请扫描网站底部二维码与客服联系如有疑问请参考:
https://www.extfans.com/installation/"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
This extension is actively developed. More features will be added in later versions.
**This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.**
Usage
1. Click the icon and hit "Start".
2. Browse pages that you want to scan.
3. If the extension finds a possible vulnerability of DOM based XSS, the extension shows a entry for that url.
4. Click "Detail" in the entry. A popup window show a source and a sink of the possible vulnerability.
5. Click "Check and Generate PoC" in the popup window. You can fuzzing the url.