Untrusted Types for DevTools
Abusing Trusted Types to discover XSS sinks.
什麼是Untrusted Types for DevTools?
Untrusted Types for DevTools是由Thomas Orlita開發的Chrome擴展程式,該擴展的主要功能是“Abusing Trusted Types to discover XSS sinks.”。
擴展截圖
下載Untrusted Types for DevTools擴展crx文件
下載Untrusted Types for DevTools擴展crx格式的文件,手動將Chrome擴充功能安裝到瀏覽器中,也可以將crx文件分享給朋友,輕鬆安裝Chrome擴充功能。
擴展使用說明
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab. 擴展基本資訊
| 名稱 |  Untrusted Types for DevTools |
| ID | bpeblffgmddnafmnmdjohcmkbeifdlnb |
| 官方網址 | https://chromewebstore.google.com/detail/untrusted-types-for-devto/bpeblffgmddnafmnmdjohcmkbeifdlnb |
| 簡介 | Abusing Trusted Types to discover XSS sinks. |
| 檔案大小 | 39.16 KB |
| 安裝次數 | 1,297 |
| 目前版本 | 1.1.1 |
| 更新時間 | 2021-10-12 |
| 上架時間 | 2021-01-22 |
| 評分 | 5.00/5 共 3 次評分 |
| 開發者 | Thomas Orlita |
| 電子郵箱 | [email protected] |
| 付費類型 | free |
| 擴展官網 | https://github.com/filedescriptor/untrusted-types |
| 支援的語言 | en |
| manifest.json | |
{
"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
"name": "Untrusted Types for DevTools",
"description": "Abusing Trusted Types to discover XSS sinks.",
"version": "1.1.1",
"manifest_version": 2,
"icons": {
"128": "icons\/icon128.png"
},
"permissions": [
"storage",
"webRequest",
"webRequestBlocking",
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"web_accessible_resources": [
"settings.json"
],
"content_scripts": [
{
"matches": [
"http:\/\/*\/*",
"https:\/\/*\/*"
],
"all_frames": true,
"match_about_blank": true,
"run_at": "document_start",
"js": [
"build\/content.js"
]
}
],
"devtools_page": "devtools.html",
"background": {
"scripts": [
"build\/background.js"
],
"persistent": true
}
} | |
