A Chrome extension for finding DOM based XSS vulnerabilities
DOM based XSS finder - Chrome extension
"DOM based XSS finder" is a Chrome extension that finds vulnerabilities in websites using DOM based XSS. It notifies about user-inputs leading to dangerous functions, fuzzes user-inputs, and generates proof of concept alerts.
Extension stats
This extension was removed from Chrome Web Store on
2022-06-30
Risk impact: Very high risk impact
Risk likelihood:
Manifest version: 2
Permissions:
Size: 2.58M
Email: tc*****@gmail.com
URLs: Website
Other platforms
Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions?
Install
Chrome-Stats extension
to view Chrome-Stats data as you browse the Chrome Web Store.
Extension summary
"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.
Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:
- Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
- Fuzzing for user-inputs such as query, hash and referrer.
- Generate a PoC that generates a alert prompt.
This extension is actively developed. More features will be added in later versions.
This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.
Usage
- Click the icon and hit "Start".
- Browse pages that you want to scan.
User reviews
No funciona, todo el rato aparece "scanning" pero no parece funcionar nada
it pretty good
Extension safety
Risk impact
DOM based XSS finder requires a lot of sensitive permissions. Exercise caution before installing.
Risk likelihood
DOM based XSS finder may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.
Upgrade to see risk analysis details
Similar extensions
Here are some Chrome extensions that are similar to DOM based XSS finder:
XSS辅助工具 OWASP Penetration Testing Kit Hack-Tools Bishop Vulnerability Scanner HackBar YesWeHack VDP Finder CounterXSS XSS Vulners Web Scanner ZoomEye Tools Vulnerability Assessment Swascan Plugin Vulnerabilities Tracy Cyber Web Tools Untrusted Types for DevTools Information Gathering Shodan Display Access Keys Ninja File Collector Breakbot retire.js HackBar Monhack FindSomething
N/A
2,000+
https://pentestkit.co.uk
4.81
20,000+
Ludovic COULON & Riadh BOUCHAHOUA
4.63
30,000+
Jack Kingsman
3.75
3,000+
0140454
4.19
70,000+
acc+browserext
5.00
1,000+
playarun93
5.00
501
totofish2021
5.00
2,000+
vankyver
4.55
9,000+
knownseczoomeye
3.67
3,000+
Swascan
4.50
564
White Fir Design
5.00
435
jacob.heath.ncc
4.00
591
https://cyberwebtools.com
1.00
940
Thomas Orlita
5.00
1,000+
social
2.60
1,080+
https://shodan.io
4.54
100,000+
dharris
4.33
319
Joseph
5.00
665
https://jacksbrain.com
3.80
275
jadwigaostrowska803
4.89
20,000+
SecuriTeam
2.06
8,000+
brother.rain.1024
3.25
429
ResidualLaugh
4.85
20,000+