Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

Taint Testing Tool

Simple Chrome extension to assist in finding DOMXSS and similar security issues. It works by injecting a unique string into "sources" such as the page location, referrer and cookies; JavaScript hooks then instrument "sinks" such as eval() and innerHTML and report whenever the "taint" reaches one of them.
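The source-to-sink check described above, as an added example that is not the extension's own code: a constructed taint marker stands in for the unique string the extension injects, a property-descriptor wrapper instruments a setter sink (innerHTML) and a function wrapper instruments a call sink (eval), and each wrapper reports when the marker reaches it. Because it runs under Node without a DOM, the element and the eval stand-in are constructed objects; in a browser the same hookSetter/hookFunction calls would be made against Element.prototype and window.

```javascript
// Added example, not code from the Taint Testing Tool repository.
// Constructed marker; the real extension generates its own unique string.
const TAINT_MARKER = "TAINT7f3a9c";

// Hypothetical report collector standing in for browser notifications.
const reports = [];

function reportTaint(sinkName, value) {
  reports.push({ sink: sinkName, value: String(value) });
}

// Check a value arriving at a sink for the marker; true when tainted.
function checkSink(sinkName, value) {
  const s = String(value);
  if (s.includes(TAINT_MARKER)) {
    reportTaint(sinkName, s);
    return true;
  }
  return false;
}

// Hook an accessor property (e.g. Element.prototype.innerHTML): the new
// setter checks the incoming value, then delegates to the original setter.
function hookSetter(target, prop, sinkName) {
  const desc = Object.getOwnPropertyDescriptor(target, prop);
  if (!desc || typeof desc.set !== "function") {
    throw new Error(`no setter found for ${prop}`);
  }
  Object.defineProperty(target, prop, {
    configurable: true,
    enumerable: desc.enumerable,
    get: desc.get,
    set(value) {
      checkSink(sinkName, value);
      return desc.set.call(this, value);
    },
  });
}

// Hook a function-valued sink (e.g. window.eval) the same way, checking the
// first argument before calling through.
function hookFunction(target, name, sinkName) {
  const original = target[name];
  target[name] = function (...args) {
    checkSink(sinkName, args[0]);
    return original.apply(this, args);
  };
}

// Constructed stand-in for a DOM element with an innerHTML accessor.
function makeFakeElement() {
  let html = "";
  const el = {};
  Object.defineProperty(el, "innerHTML", {
    configurable: true,
    enumerable: true,
    get() { return html; },
    set(v) { html = String(v); },
  });
  return el;
}

// Simulate a page that copies a location.hash parameter into innerHTML and
// also calls eval with clean input; returns the taint reports produced.
function simulate() {
  reports.length = 0;
  const el = makeFakeElement();
  hookSetter(el, "innerHTML", "innerHTML");
  const sandbox = { eval: (src) => src.length }; // constructed stand-in for eval
  hookFunction(sandbox, "eval", "eval");

  const hash = "#name=" + TAINT_MARKER; // tainted source value
  el.innerHTML = "<b>Hello " + decodeURIComponent(hash.slice(6)) + "</b>";
  sandbox.eval("var x = 1;"); // clean sink call, no report expected
  return reports.slice();
}
```

Only the innerHTML write is reported; the eval call with untainted input stays silent, which is the property a taint tool needs to keep its notifications meaningful.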

Clicking the "browser action" icon scans the page's included script sources for keywords and adds them as parameters, similar to DOMinator's "smart fuzzing" technique. This helps find code that parses location.hash as key-value pairs and is only injectable through one particular key.
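The keyword step, as an added example that is neither the extension's nor DOMinator's code: a heuristic extracts candidate parameter names from a constructed sample script (quoted identifier-like string literals and params.x property reads), a fragment is built that assigns the same constructed marker to every candidate, and a parser written to behave like the sample script shows which keys end up carrying the marker. The regexes and the params-object naming are assumptions chosen for this sample; real script sources need broader heuristics.

```javascript
// Added example, not code from the Taint Testing Tool repository.
const MARKER = "TAINT7f3a9c"; // constructed marker

// Constructed sample of a hand-rolled location.hash parser that only acts on
// specific keys; a plain "#TAINT..." fragment would never reach its sinks.
const SAMPLE_SCRIPT = `
  var params = {};
  location.hash.substr(1).split("&").forEach(function (kv) {
    var p = kv.split("=");
    params[p[0]] = decodeURIComponent(p[1] || "");
  });
  if (params["redirect"]) { location.href = params["redirect"]; }
  document.getElementById("msg").innerHTML = params.welcome || "";
  var theme = params['theme'];
`;

// Candidate keys: quoted string literals that look like identifiers, plus
// property reads on a params-like object. Over-approximates on purpose; a
// stray element id such as "msg" costs one harmless extra parameter.
function extractKeywords(source) {
  const found = new Set();
  const literal = /["']([A-Za-z_][A-Za-z0-9_-]{1,40})["']/g;
  const dotAccess = /\bparams\.([A-Za-z_][A-Za-z0-9_]*)/g;
  let m;
  while ((m = literal.exec(source)) !== null) found.add(m[1]);
  while ((m = dotAccess.exec(source)) !== null) found.add(m[1]);
  return [...found].sort();
}

// Build a fragment that assigns the marker to every candidate key.
function buildTaintedHash(keywords, marker = MARKER) {
  return "#" + keywords.map((k) => k + "=" + encodeURIComponent(marker)).join("&");
}

// Parse key=value pairs the way the sample script does.
function parseHash(hash) {
  const out = {};
  hash.replace(/^#/, "").split("&").forEach((kv) => {
    const p = kv.split("=");
    if (p[0]) out[p[0]] = decodeURIComponent(p[1] || "");
  });
  return out;
}

// Report which parsed keys now carry the marker, i.e. which would be visible
// to the sink hooks when the page uses them.
function taintedKeys(hash, marker = MARKER) {
  const parsed = parseHash(hash);
  return Object.keys(parsed).filter((k) => parsed[k].includes(marker)).sort();
}

// Usage on the constructed sample.
const keywords = extractKeywords(SAMPLE_SCRIPT);
const hash = buildTaintedHash(keywords);
const hits = taintedKeys(hash);
```

With the option that triggers the keyword search on every page load, this fragment rewrite happens automatically, which is why the README notes it can confuse single-page apps that keep their own state in location.hash.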

The options page contains a setting to trigger the keyword search automatically on every page load, which sometimes confuses single-page web apps.

There is currently NO way to limit the scope of the extension, so please disable it when not in use. In fact, limiting the scope would miss analysis of cross-origin iframes, so using Chrome's "On Click" or "On Specific Sites" site-access settings is not advised. Please, just don't use this extension on sites where you don't have permission to test for security issues.

The awesome icon was made by smalllikeart from www.flaticon.com and is licensed CC 3.0 BY.
