Untrusted Types for DevTools

Abusing Trusted Types to discover XSS sinks.

Untrusted Types for DevTools: Discover XSS Sinks

'Untrusted Types for DevTools' is a Chrome extension designed to uncover potential DOM XSS vulnerabilities. By abusing Trusted Types, this extension identifies sinks, or code patterns, that could potentially execute dangerous JavaScript code if provided with malevolent inputs. The extension adds a dedicated panel to DevTools giving users the ability to view and filter sink logs, customize settings, and even highlight keywords passed in a sink. Furthermore, it aids in the exploration of stack traces of specific logs, helping developers ensure safer, more secure applications.
Download
Install from Chrome Web Store

Extension stats

Manifest V2
Users: 1,000+
Rating: 5.00
(3)
Version: 1.1.1 (Last updated: 2021-10-12)
Creation date: 2021-01-22
Permissions:
  • storage
  • webRequest
  • webRequestBlocking
  • http://*/*
  • https://*/*
Size: 40.10K
Full description: See detailed description

Ranking

# 28,520 ▲ 3
Other rankings
#970 in Developer Tools ▼ 5 #296 in console keyword 13 ▲ 4

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge

User reviews

fantastic tool! helps me display the xss dom sink in devtools console! Thanks
by Rizan Fauzi, 2021-08-31
View all user reviews

Extension safety

Risk impact

Untrusted Types for DevTools requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details
  • Critical Grants access to browser tabs, which can be used to track user browsing habits and history, presenting a privacy concern.
  • Critical ****** ****** ** *** ********* ****** * *********** ******** **** ** ** *** ******* *** ****** **** **** *** ******* *****
  • High ******* ******* **** *** ****** ***** *** ***** ** ******* **** ********* ********* ** * *********** *****
  • Medium ****** ** ********* ****** ********* *** **** ****** **** **** ** ******* ** ********** **** ***********
  • Low ******* ****** ** *** ********* ********
Risk likelihood

We don't have sufficient data to confidently determine the risk likelihood of Untrusted Types for DevTools. Use it at your own risk.

Risk likelihood analysis details
  • High This extension has low user count. Unpopular extensions may not be stable or safe.
  • Low **** ********* *** ******* **** **** * ****** **** ***** ******** *** **** ****** ** ** ****** *** *****
  • Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****
  • Good **** ********* ********* ** * ******* ********* ** ****** *** *****
  • Good **** ********* *** **** **** *******
Upgrade to see full risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to Untrusted Types for DevTools:

Hack-Tools
Hack-Tools
Ludovic COULON & Riadh BOUCHAHOUA
30K 4.57 (28)
Shodan
Shodan
https://shodan.io
100K 4.54 (136)
YesWeHack VDP Finder
YesWeHack VDP Finder
acc+browserext
1,000 5.00 (3)
HackBar
HackBar
0140454
80K 4.21 (53)
CounterXSS
CounterXSS
playarun93
485 5.00 (3)
retire.js
retire.js
jadwigaostrowska803
20K 4.89 (9)
Tracy
Tracy
jacob.heath.ncc
579 4.00 (3)
Vulners Web Scanner
Vulners Web Scanner
vankyver
9K 4.55 (20)
XSS
XSS
totofish2021
2K 5.00 (6)
OWASP Penetration Testing Kit
OWASP Penetration Testing Kit
https://pentestkit.co.uk
20K 4.81 (43)
Plugin Vulnerabilities
Plugin Vulnerabilities
White Fir Design
432 5.00 (1)
Bishop Vulnerability Scanner
Bishop Vulnerability Scanner
Jack Kingsman
3K 3.75 (12)