Untrusted Types for DevTools
Abusing Trusted Types to discover XSS sinks.
What is Untrusted Types for DevTools?
Untrusted Types for DevTools is a Chrome extension developed by Thomas Orlita, and its main feature is "Abusing Trusted Types to discover XSS sinks.".
Extension Screenshots
Download Untrusted Types for DevTools Extension CRX File
Download Untrusted Types for DevTools extension files in crx format, manually install Chrome extensions in the browser, or share the crx files with friends to easily install Chrome extensions.
Extension Usage Instructions
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab. Extension Basic Information
| Name |  Untrusted Types for DevTools |
| ID | bpeblffgmddnafmnmdjohcmkbeifdlnb |
| Official URL | https://chromewebstore.google.com/detail/untrusted-types-for-devto/bpeblffgmddnafmnmdjohcmkbeifdlnb |
| Description | Abusing Trusted Types to discover XSS sinks. |
| File Size | 39.16 KB |
| Installation Count | 1,297 |
| Current Version | 1.1.1 |
| Last Updated | 2021-10-12 |
| Publish Date | 2021-01-22 |
| Rating | 5.00/5 Total 3 Ratings |
| Developer | Thomas Orlita |
| [email protected] | |
| Payment Type | free |
| Extension Website | https://github.com/filedescriptor/untrusted-types |
| Supported Languages | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "Untrusted Types for DevTools",
"description": "Abusing Trusted Types to discover XSS sinks.",
"version": "1.1.1",
"manifest_version": 2,
"icons": {
"128": "icons\/icon128.png"
},
"permissions": [
"storage",
"webRequest",
"webRequestBlocking",
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"web_accessible_resources": [
"settings.json"
],
"content_scripts": [
{
"matches": [
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"all_frames": true,
"match_about_blank": true,
"run_at": "document_start",
"js": [
"build\/content.js"
]
}
],
"devtools_page": "devtools.html",
"background": {
"scripts": [
"build\/background.js"
],
"persistent": true
}
} | |
