PDF Files for Pentesting

A tool for testing for certificate validation vulnerabilities of TLS connections made by a client device or an application.

Find XS-Leaks in the browser by diffing DOM-Graphs in two states

A proposal to partition :visited link history by top-level site and frame origin.

An experimental CORS middleware library for Go. Consider using github.com/jub0bs/cors (its successor) instead.

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"

Why is SponsorBlock down?!

Searcher for cross-site leaks (XS-Leaks)

Turning Your Computer Into a GPS Tracker With Apple Maps

The popular NoScript Security Suite browser extension.

Protect your data against global mass surveillance programs.

Leakuidator+ helps users to protect themselves against cross-site leaks, a class of vulnerabilities derived from side-channels built into the web platform.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Pyodide is a Python distribution for the browser and Node.js based on WebAssembly

PyScript is an open source platform for Python in the browser. Try PyScript: https://pyscript.com Examples: https://tinyurl.com/pyscript-examples Community: https://discord.gg/HxvBtukrg2

Find, verify, and analyze leaked credentials

Based on https://github.com/ajayyy/SponsorBlockSite

A proof of concept for a clickjacking attack on macOS.

Never ever ever use pixelation as a redaction technique

Programmatically extract saved passwords from Chromium based browsers.

Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.

🐛 A list of writeups from the Google VRP Bug Bounty program

Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox very quickly just from a right-click

XS-Leak Browser Test Suite

`document.domain` intentionally weakens the only security boundary we have. Perhaps we can dump it?

Same Origin XSS challenge