Untrusted Types for DevTools
Abusing Trusted Types to discover XSS sinks.
Qu'est-ce que Untrusted Types for DevTools ?
Untrusted Types for DevTools est une extension Chrome développée par Thomas Orlita, et sa fonction principale est "Abusing Trusted Types to discover XSS sinks.".
Captures d'Écran de l'Extension
Télécharger le fichier CRX de l'extension Untrusted Types for DevTools
Téléchargez les fichiers d'extension Untrusted Types for DevTools au format crx, installez manuellement les extensions Chrome dans le navigateur ou partagez les fichiers crx avec des amis pour installer facilement les extensions Chrome.
Instructions d'Utilisation de l'Extension
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab. Informations de Base sur l'Extension
| Nom |  Untrusted Types for DevTools |
| ID | bpeblffgmddnafmnmdjohcmkbeifdlnb |
| URL Officiel | https://chromewebstore.google.com/detail/untrusted-types-for-devto/bpeblffgmddnafmnmdjohcmkbeifdlnb |
| Description | Abusing Trusted Types to discover XSS sinks. |
| Taille du Fichier | 39.16 KB |
| Nombre d'Installations | 1,297 |
| Version Actuelle | 1.1.1 |
| Dernière Mise à Jour | 2021-10-12 |
| Date de Publication | 2021-01-22 |
| Évaluation | 5.00/5 Total 3 Évaluations |
| Développeur | Thomas Orlita |
| [email protected] | |
| Type de Paiement | free |
| Site Web de l'Extension | https://github.com/filedescriptor/untrusted-types |
| Langues Prises en Charge | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "Untrusted Types for DevTools",
"description": "Abusing Trusted Types to discover XSS sinks.",
"version": "1.1.1",
"manifest_version": 2,
"icons": {
"128": "icons\/icon128.png"
},
"permissions": [
"storage",
"webRequest",
"webRequestBlocking",
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"web_accessible_resources": [
"settings.json"
],
"content_scripts": [
{
"matches": [
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"all_frames": true,
"match_about_blank": true,
"run_at": "document_start",
"js": [
"build\/content.js"
]
}
],
"devtools_page": "devtools.html",
"background": {
"scripts": [
"build\/background.js"
],
"persistent": true
}
} | |
