Untrusted Types for DevTools
Item logo image for Untrusted Types for DevTools

Untrusted Types for DevTools

Featured
5.0(

3 ratings

)
Item media 1 screenshot
Item media 2 screenshot

Overview

Abusing Trusted Types to discover XSS sinks.

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities. A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write. This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings. Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console. You can then find the stack trace of a specific log: 1. Click to copy the ID, 2. Open Console>Filter and paste the ID, 3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.

5 out of 53 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Rizan FauziAug 31, 2021

fantastic tool! helps me display the xss dom sink in devtools console! Thanks

1 out of 2 found this helpful

Details

  • Version
    1.1.1
  • Updated
    October 12, 2021
  • Offered by
    Thomas Orlita
  • Size
    39.16KiB
  • Languages
    English
  • Developer
    Email
    info@thomasorlita.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Related

Vulners Web Scanner

4.6(20)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

XSS

5.0(6)

Web Development tool

OWASP Penetration Testing Kit

4.9(43)

OWASP Penetration Testing Kit

Plugin Vulnerabilities

5.0(1)

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for.

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

HackBar

4.1(49)

A browser extension for Penetration Testing

Investigate with Lacework

0.0(0)

Faster, more accurate insight into the entire cyber kill chain

CounterXSS

5.0(1)

An Extension to counter XSS attack!

retire.js

4.9(8)

Scanning website for vulnerable js libraries

Tracy

4.0(2)

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Vulners Web Scanner

4.6(20)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

XSS

5.0(6)

Web Development tool

OWASP Penetration Testing Kit

4.9(43)

OWASP Penetration Testing Kit

Plugin Vulnerabilities

5.0(1)

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for.

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

HackBar

4.1(49)

A browser extension for Penetration Testing

Google apps