Untrusted Types for DevTools

Abusing Trusted Types to discover XSS sinks.

什么是Untrusted Types for DevTools?

Untrusted Types for DevTools是由Thomas Orlita开发的Chrome扩展程序,该扩展的主要功能是“Abusing Trusted Types to discover XSS sinks.”。

扩展截图

screenshot
screenshot

下载Untrusted Types for DevTools扩展crx文件

下载Untrusted Types for DevTools扩展crx格式的文件,手动将Chrome插件安装到浏览器中,也可以将crx文件分享给朋友,轻松安装Chrome插件。

扩展使用说明

                        Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.

A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.

This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.

Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.

You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.

扩展基本信息

名称 Untrusted Types for DevTools Untrusted Types for DevTools
ID bpeblffgmddnafmnmdjohcmkbeifdlnb
官方URL https://chromewebstore.google.com/detail/untrusted-types-for-devto/bpeblffgmddnafmnmdjohcmkbeifdlnb
简介 Abusing Trusted Types to discover XSS sinks.
文件大小 39.16 KB
安装次数 1,297
当前版本 1.1.1
更新时间 2021-10-12
上架时间 2021-01-22
评分 5.00/5 共3次评分
开发者 Thomas Orlita
电子邮箱 [email protected]
付费类型 free
扩展官网 https://github.com/filedescriptor/untrusted-types
支持的语言 en
manifest.json 
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "name": "Untrusted Types for DevTools",
    "description": "Abusing Trusted Types to discover XSS sinks.",
    "version": "1.1.1",
    "manifest_version": 2,
    "icons": {
        "128": "icons\/icon128.png"
    },
    "permissions": [
        "storage",
        "webRequest",
        "webRequestBlocking",
        "http:\/\/*\/*",
        "https:\/\/*\/*"
    ],
    "web_accessible_resources": [
        "settings.json"
    ],
    "content_scripts": [
        {
            "matches": [
                "http:\/\/*\/*",
                "https:\/\/*\/*"
            ],
            "all_frames": true,
            "match_about_blank": true,
            "run_at": "document_start",
            "js": [
                "build\/content.js"
            ]
        }
    ],
    "devtools_page": "devtools.html",
    "background": {
        "scripts": [
            "build\/background.js"
        ],
        "persistent": true
    }
}

相关的扩展

Hack-Tools
Hack-Tools
Shodan
Shodan
YesWeHack VDP Finder
YesWeHack VDP Finder
HackBar
HackBar
CounterXSS
CounterXSS
retire.js
retire.js
Tracy
Tracy
Vulners Web Scanner
Vulners Web Scanner
Display Access Keys
Display Access Keys
XSS
XSS
OWASP Penetration Testing Kit
OWASP Penetration Testing Kit
Plugin Vulnerabilities
Plugin Vulnerabilities