Tracy

A tool designed to assist with finding all sinks and sources of a web application and to display these results in a digestible manner.

Tracy is an essential Chrome extension designed to assist penetration testers and security researchers in discovering all sinks and sources of input within modern web applications. It provides a detailed, digestible overview of potential cross-site scripting (XSS) vulnerabilities beyond traditional server-side reflection, including advanced attack vectors like DOM clobbering, frontend and backend template injections, and open redirects.

Unlike tools that only analyze server responses, Tracy grants you "X-ray vision into the DOM," revealing how frontend output encoding interacts with inputs to expose potential risks. By identifying and documenting every input source and follow-up sink, Tracy empowers users to effectively locate and mitigate complex XSS attack surfaces, making web applications safer and more secure.

By:
jacob.heath.ncc
Users:
546 8
Rating:
4.00
(3)
Version:
0.9.2 Last updated: 2021-05-21
Creation date:
2020-05-11
Risk:
High risk impact, low risk likelihood
Permissions:
  • <all_urls>
  • storage
  • webRequest
Size:
920.58K
Email:
ja*****@gmail.com
Source:
Chrome Web Store
Updated:
2 days ago

User reviews

Initial Review: Installs cleanly, loads fine, however there is not comprehensive documentation (yet) to explain what exactly it's doing to help pentest a site. Very cryptic desc. of its functions. I will report back once I learn some more but you should have a very firm handle on XSS before using this
by Mi*****, 2021-05-16

Quite the tool to look for XSS...a must have tool
by Em*****, 2019-07-28

Extension safety

Risk impact

Tracy requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details
  • Critical Allows access to all websites, posing a significant security risk as it can monitor and modify data from any visited site.
Risk likelihood

Tracy has earned a fairly good reputation and likely can be trusted.

Risk likelihood analysis details
  • High This extension has low user count. Unpopular extensions may not be stable or safe.
