Untrusted Types for DevTools


1,000 users

2021-01-22

Thomas Orlita

Description

Abusing Trusted Types to discover XSS sinks.

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.

A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.

This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.

Keywords (by default: "d0mxss") found in input passed to a sink are highlighted in the extension panel and in the console.

You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.
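The mechanism the description refers to, as an added example that is not the extension's own source: once a page runs under `Content-Security-Policy: require-trusted-types-for 'script'`, the browser consults a Trusted Types policy named `default` for every plain string assigned to a sink, so a pass-through default policy becomes a logging hook for innerHTML, eval, script URLs and similar sinks. The function names `createSinkLogger` and `installDefaultPolicy` and the log record shape are assumptions of this example.

```javascript
// Added example: a default Trusted Types policy that logs every string reaching
// an XSS sink and flags the ones containing a tracer keyword ("d0mxss" here).
const DEFAULT_KEYWORDS = ['d0mxss'];

function createSinkLogger(keywords = DEFAULT_KEYWORDS) {
  const logs = [];
  let nextId = 1;

  // Shared handler: record the input, flag keyword hits, return it unchanged.
  const record = (sinkType, input) => {
    const value = String(input);
    const hits = keywords.filter((k) => value.includes(k));
    const entry = { id: nextId++, sinkType, value, highlighted: hits.length > 0, hits };
    logs.push(entry);
    // The id is printed so the console can be filtered on it to reach the
    // stack trace, as the DevTools steps above describe.
    console.log(`[untrusted-types] #${entry.id} ${sinkType}` +
      (entry.highlighted ? ' KEYWORD HIT' : ''), value);
    return value; // pass-through: this policy observes, it does not sanitise
  };

  // One rule per Trusted Types sink family: HTML sinks (innerHTML,
  // document.write), script sinks (eval) and script-URL sinks (script.src).
  const policyRules = {
    createHTML: (s) => record('HTML', s),
    createScript: (s) => record('Script', s),
    createScriptURL: (s) => record('ScriptURL', s),
  };
  return { policyRules, logs };
}

// Register the 'default' policy where the API exists (a browser page under
// require-trusted-types-for 'script'); returns null elsewhere, e.g. in Node.
function installDefaultPolicy(logger, tt = globalThis.trustedTypes) {
  if (!tt || typeof tt.createPolicy !== 'function') return null;
  return tt.createPolicy('default', logger.policyRules);
}

// Constructed sample inputs standing in for strings a page might pass to sinks.
const demo = createSinkLogger();
demo.policyRules.createHTML('<b>hello</b>');
demo.policyRules.createHTML('<img src=x onerror=d0mxss>');
demo.policyRules.createScriptURL('https://example.invalid/app.js');
installDefaultPolicy(demo);
```

Because the default policy returns the string unchanged, it keeps the sinks reachable and is a testing aid only; a production Trusted Types deployment sanitises or rejects in these callbacks instead.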