Tracy Firefox

Tracy

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Features & Capabilities

There are many different ways to trigger XSS, especially considering the large number of frontend frameworks that have become popular in the last few years. For example, some of the less traditional ways of exploiting XSS are through:

  • DOM clobbering
  • DOM injection
  • Frontend template injection
  • Backend template injection
  • Open redirects

These attack vectors are significantly different from traditional stored and reflected XSS cases, and they require new tools for finding them effectively.

Many similar tools only look for server response reflection; however, this is not very helpful if all output encoding is performed by the frontend. In order to really gain knowledge about all the true sinks of the application, we need a tool that grants us "X-ray vision into the DOM".

This extension was written with the goal of eliminating XSS by assisting a penetration tester in identifying every source of input into an application and following that input to all of its sinks. These cases are documented and stored as references that can be used to identify the locations of potentially risky input.

User Growth & Download Statistics

Manifest V2 Add-on
By: Jake Heath
Daily users: 2
Rating: 5.00 (4)
Version: 0.9.2
Last updated: 2021-05-21
Version code: 5235754
Creation date: 2018-04-06
Risk: High risk impact, Low risk likelihood
Permissions:
Content scripts matches:
  • <all_urls>
Size: 910.55KB
Email: ja*****@gmail.com
Source: Firefox Add-ons Store
Data ingested on: 2026-06-15

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use the information below to contact the Firefox add-on developer.
Developed by: Jake Heath
Firefox Add-ons Store: https://addons.mozilla.org/firefox/addon/tracyplugin/
Email: ja*****@gmail.com
Website: https://github.com/nccgroup/tracy

User Reviews

by Ma*****, 2020-05-28

Great tool, thanks Jake. One thing I would suggest is being able to turn off the green input highlight/tracy icon and just have tracy in the right click menu. Thanks again!
by Fi*****, 2019-08-05

by Fi*****, 2018-10-17

Is Tracy Safe?

Risk impact
Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harm, whereas a high risk impact extension can do a lot of damage, such as stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Tracy requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details
  • Critical Allows access to all websites, posing a significant security risk as it can monitor and modify data from any visited site.
Risk likelihood
Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

Tracy has earned a fairly good reputation and likely can be trusted.

Risk likelihood analysis details
  • High This extension has a low user count. Unpopular extensions may not be stable or safe.

Best Tracy Alternatives

Here are some Firefox add-ons that are similar to Tracy: