Eval Villain

Name: Eval Villain
Rating: 3.6667 (3 reviews)
Author: bemodtwz

Hook native JavaScript functions before page load to see how a website uses them. Narrow down output based on the appearance of URL and session artifacts, user configured strings/regex, blacklists and more.

Download

Install Compare

Eval Villain is a powerful Chrome extension designed to hook native JavaScript sink functions before page load, enabling users to monitor how web pages utilize these functions. It automatically hooks common DOM XSS sinks but can be customized to target any JavaScript function. With options to filter results based on URL patterns, session data, user-defined strings or regex, and blacklists, users gain precise control over output.

Beyond detecting DOM-based cross-site scripting, Eval Villain aids in analyzing webpage behavior by hooking functions like eval(), decodeURI(), and addEventListener(), unveiling potential obfuscation, hidden URL parameters, or post message handlers. Its recursive decoding capabilities help identify encoded HTML embedded in unusual locations such as the window name. This highly configurable tool is ideal for security researchers and developers aiming to understand JavaScript execution flows and identify vulnerabilities or malware. Supported by Doyensec Research, Eval Villain offers deep insight into web security through advanced JavaScript instrumentation.

Add-on Developer Tools Privacy & Security Programming SaaS

By:

Daily users:

Rating:

Version:

2.11 Last updated: 2024-11-13

Version code:

5843398

Creation date:

2018-08-02

Risk:

Permissions:

<all_urls>
storage

Size:

53.89KB

Email:

je*****@gmail.com

URLs:

Full description:

Source:

Firefox Browser Add-ons

Updated:

a day ago

Ranking

# 7,046 ▲ 25

Other rankings

#36 in will keyword 52 ▼ 1

#54 in configure keyword 7 ▼ 1

#63 in fragment keyword 15 ▼ 1

#104 in function keyword 4 ▼ 1

#106 in javascript keyword 44

Upgrade to see more rankings

Extension safety

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Eval Villain requires a few sensitive permissions. Exercise caution before installing.

Risk impact analysis details

Critical Allows access to all websites, posing a significant security risk as it can monitor and modify data from any visited site.

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Browser Add-ons, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

Eval Villain is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Risk likelihood analysis details

High This extension has low user count. Unpopular extensions may not be stable or safe.
Low **** ********* *** ******* **** **** * ****** **** ***** ******** *** **** ****** ** ** ****** *** *****
Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****
Good **** ********* *** **** **** *******

Upgrade to see full risk analysis details

Instantly check and monitor your browser extensions' risks and permissions with Extension Guard.