Eval Villain

Name: Eval Villain
Rating: 3.6667 (3 reviews)
Author: bemodtwz

Hook native JavaScript functions before page load to see how a website uses them. Narrow down output based on the appearance of URL and session artifacts, user configured strings/regex, blacklists and more.

Download

Install

Features & Capabilities

Eval Villain is a powerful Chrome extension designed to hook native JavaScript sink functions before page load, enabling users to monitor how web pages utilize these functions. It automatically hooks common DOM XSS sinks but can be customized to target any JavaScript function. With options to filter results based on URL patterns, session data, user-defined strings or regex, and blacklists, users gain precise control over output.

Beyond detecting DOM-based cross-site scripting, Eval Villain aids in analyzing webpage behavior by hooking functions like eval(), decodeURI(), and addEventListener(), unveiling potential obfuscation, hidden URL parameters, or post message handlers. Its recursive decoding capabilities help identify encoded HTML embedded in unusual locations such as the window name. This highly configurable tool is ideal for security researchers and developers aiming to understand JavaScript execution flows and identify vulnerabilities or malware. Supported by Doyensec Research, Eval Villain offers deep insight into web security through advanced JavaScript instrumentation.

User Growth & Download Statistics

Add-on Developer Tools Privacy & Security Programming

By:

Daily users:

Rating:

Version:

2.11 Last updated: 2024-11-13

Version code:

5843398

Creation date:

2018-08-02

Risk:

Permissions:

<all_urls>
storage

Size:

53.89KB

Email:

je*****@gmail.com

URLs:

Full description:

Source:

Firefox Add-ons Store

Data ingested on:

2026-06-18

Compare stats and ranking:

Ranking

# 8,162 ▼ 130

Other rankings

#40 in will keyword 46 ▼ 2

#50 in string keyword 10 ▲ 1

#62 in configure keyword 24 ▼ 1

#69 in fragment keyword 15 ▼ 1

#113 in function keyword 16 ▼ 1

Upgrade to see more rankings

For Developers

Monetize with App Pass Boost with Extension Booster

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use these information below to contact the Firefox add-on developer.

Developed by:

bemodtwz

Firefox Add-ons Store

https://addons.mozilla.org/firefox/addon/eval-villain/

Email:

je*****@gmail.com

Is Eval Villain Safe?

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Eval Villain requires a few sensitive permissions. Exercise caution before installing.

Risk impact analysis details

Critical Allows access to all websites, posing a significant security risk as it can monitor and modify data from any visited site.

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

Eval Villain has earned a fairly good reputation and likely can be trusted.

Risk likelihood analysis details

High This extension has low user count. Unpopular extensions may not be stable or safe.
Low **** ********* *** ******* **** **** * ****** **** ***** ******** *** **** ****** ** ** ****** *** *****
Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****
Good **** ********* *** **** **** *******