Untrusted Types for DevTools

5.0(

3 ratings

)

ExtensionDeveloper Tools1,000 users

Overview

Abusing Trusted Types to discover XSS sinks.

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities. A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write. This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings. Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console. You can then find the stack trace of a specific log: 1. Click to copy the ID, 2. Open Console>Filter and paste the ID, 3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.

5 out of 5
3 ratings
Google doesn't verify reviews. Learn more about results and reviews.

Rizan Fauzi
Aug 31, 2021

fantastic tool! helps me display the xss dom sink in devtools console! Thanks

1 out of 2 found this helpful

Details

Version
1.1.1
Updated
October 12, 2021
Flag concern
Offered by
Thomas Orlita
Size
39.16KiB
Languages
English
Developer
Email
info@thomasorlita.com
Non-trader
This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes