Untrusted Types for DevTools
Abusing Trusted Types to discover XSS sinks.
Apa itu Untrusted Types for DevTools?
Untrusted Types for DevTools adalah ekstensi Chrome yang dikembangkan oleh Thomas Orlita, dan fitur utamanya adalah "Abusing Trusted Types to discover XSS sinks.".
Screenshot Ekstensi
Unduh Berkas CRX Ekstensi Untrusted Types for DevTools
Unduh file ekstensi Untrusted Types for DevTools dalam format crx, pasang ekstensi Chrome secara manual di peramban, atau bagikan file crx dengan teman untuk menginstal ekstensi Chrome dengan mudah.
Petunjuk Penggunaan Ekstensi
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab. Informasi Dasar Ekstensi
| Nama |  Untrusted Types for DevTools |
| ID | bpeblffgmddnafmnmdjohcmkbeifdlnb |
| URL Resmi | https://chromewebstore.google.com/detail/untrusted-types-for-devto/bpeblffgmddnafmnmdjohcmkbeifdlnb |
| Deskripsi | Abusing Trusted Types to discover XSS sinks. |
| Ukuran File | 39.16 KB |
| Jumlah Instalasi | 1,297 |
| Versi Saat Ini | 1.1.1 |
| Terakhir Diperbarui | 2021-10-12 |
| Tanggal Publikasi | 2021-01-22 |
| Penilaian | 5.00/5 Total 3 Penilaian |
| Pengembang | Thomas Orlita |
| [email protected] | |
| Tipe Pembayaran | free |
| Situs Ekstensi | https://github.com/filedescriptor/untrusted-types |
| Bahasa yang Didukung | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "Untrusted Types for DevTools",
"description": "Abusing Trusted Types to discover XSS sinks.",
"version": "1.1.1",
"manifest_version": 2,
"icons": {
"128": "icons\/icon128.png"
},
"permissions": [
"storage",
"webRequest",
"webRequestBlocking",
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"web_accessible_resources": [
"settings.json"
],
"content_scripts": [
{
"matches": [
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"all_frames": true,
"match_about_blank": true,
"run_at": "document_start",
"js": [
"build\/content.js"
]
}
],
"devtools_page": "devtools.html",
"background": {
"scripts": [
"build\/background.js"
],
"persistent": true
}
} | |
