DOM based XSS finder

A Chrome extension for finding DOM based XSS vulnerabilities

DOM based XSS finder - Chrome extension

"DOM based XSS finder" is a Chrome extension that finds vulnerabilities in websites using DOM based XSS. It notifies about user-inputs leading to dangerous functions, fuzzes user-inputs, and generates proof of concept alerts.

Extension stats

By: askn
Users: 2,000+
Rating: 2.50
(2)
Version: 1.0.0 (Last updated: 2021-11-19)
Creation date: 2020-02-05
Risk impact: Very high risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • storage
  • webNavigation
  • tabs
  • *://*/
  • debugger
  • unlimitedStorage
Size: 2.58M
URLs: Website

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

"DOM based XSS finder" is a Chrome extension that finds DOM based XSS vulnerabilities.

Finding DOM based XSS can be bothersome. This extension can be helpful. This extension has the following features:

  • Notify if a user-input such as "location.href" leads to a dangerous function such as "eval".
  • Fuzzing for user-inputs such as query, hash and referrer.
  • Generate a PoC that generates a alert prompt.

This extension is actively developed. More features will be added in later versions.

This tool is a dynamic JavaScript tracer, not a static JavaScript scanner. So you must execute JavaScript by manual crawling with this extension starting.

Usage

  1. Click the icon and hit "Start".
  2. Browse pages that you want to scan.
See more

User reviews

No funciona, todo el rato aparece "scanning" pero no parece funcionar nada
by Albert Navarro, 2022-04-20

it pretty good
by borhan gherbi, 2020-12-31
View all user reviews

Extension safety

Risk impact

DOM based XSS finder requires a lot of sensitive permissions. Exercise caution before installing.

Risk likelihood

DOM based XSS finder may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to DOM based XSS finder: