Skip to content
#BugBounty #BugBounty Tools #WebDeveloper Tool
JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
PostMessageMainTool.crx
PostMessageMainTool.pem
PostMessage_ui_extension-kiran.zip
README.md
postmessage-hook.js

README.md

PostMessage_Fuzz_Tool Chrome app & Extension

Installation

  1. Install Tampermonkey
  2. Install the TampermonkeyScript "postmessage-hook.js"

"Enable Developer Mode" by click toggle button in right side.

  1. Then open chrome://extensions and drag "PostMessageMainTool.crx" to the screen and click add.
  2. Then click "Load unpacked" button and select the folder "PostMessage_ui_extension-kiran" it will add the PostmessageUI extension on screen.

How to get started.

  1. Click on TamperMonkey icon and click on PostMessage script toggle button ( to enable it).
  2. Goto chrome://apps and click on PostMessage Tool icon and click start button and minimize it.
  3. The click on "postmesage ui" i.e "P" icon on your chrome toolbar which is our ui tool for postmessage. > click "logger"

It will open the logger tool popup. Now we are ready !!! to start capture the Message Handlers and Fuzz.

Simply Refresh the Browser tab "www.youtube.com", after loaded fully, click on "Dump Handlers" to dump the messages.

Once loaded all handlers, we can check them by clicking on "replay" button.

#Using : https://youtu.be/2CLWyj9uFEg

###Credits to Appcheck ng for POC tool.

You can’t perform that action at this time.