ollseg / ttt-ext

Licence: other
Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

Programming languages: JavaScript, HTML

Taint Testing Tool

Simple Chrome extension to assist in finding DOMXSS and similar security issues. Works by injecting a unique string into "sources" such as page location, referrer, cookies, etc. JavaScript hooks then instrument various "sinks" such as eval() and innerHTML to look for the "taint".
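
The source-to-sink check described above, sketched as an added example that is not ttt-ext's own code. The marker value, `findings`, `hookSetter`, `hookFunction`, `FakeElement` and `fakeDocument` are assumptions chosen so it runs under Node; in a page the same wrappers would apply to `Element.prototype` and `document`.

```javascript
// Added example, not ttt-ext's code. All names here are hypothetical.
const TAINT = 'ttt9f3a1c'; // constructed marker; use a fresh unique string per run
const findings = [];
// Record a finding when a value reaching a sink contains the marker.
function check(sink, value) {
  const s = String(value), at = s.indexOf(TAINT);
  if (at === -1) return;
  findings.push({ sink, context: s.slice(Math.max(0, at - 20), at + TAINT.length + 20) });
}

// Wrap a property setter sink such as innerHTML, keeping its behaviour.
function hookSetter(proto, prop) {
  const desc = Object.getOwnPropertyDescriptor(proto, prop);
  if (!desc || !desc.set) return false;
  Object.defineProperty(proto, prop, {
    ...desc,
    set(value) { check(prop, value); return desc.set.call(this, value); },
  });
  return true;
}
// Wrap a function sink such as document.write, keeping its return value.
function hookFunction(owner, name) {
  const original = owner[name];
  owner[name] = function (...args) {
    args.forEach((a) => check(name, a));
    return original.apply(this, args);
  };
}

// Constructed stand-ins for the DOM so the sketch runs under Node.
class FakeElement {
  #html = '';
  get innerHTML() { return this.#html; }
  set innerHTML(v) { this.#html = String(v); }
}
const fakeDocument = { write(markup) { return markup.length; } };
hookSetter(FakeElement.prototype, 'innerHTML');
hookFunction(fakeDocument, 'write');

// Source: a constructed location.hash carrying the marker, parsed as key-value.
function runDemo(hash = '#name=' + TAINT) {
  findings.length = 0;
  const name = new URLSearchParams(hash.slice(1)).get('name');
  const el = new FakeElement();
  el.innerHTML = '<b>Hello ' + name + '</b>'; // tainted flow, reported
  el.innerHTML = '<b>static</b>';             // clean write, ignored
  fakeDocument.write('<p>' + name + '</p>');  // tainted flow, reported
  return findings.map((f) => f.sink);
}
```

Wrapping `eval` the same way turns direct calls into indirect ones, which changes the scope the evaluated code sees, so a hook on it can alter page behaviour.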

Clicking the "browser action" icon scans the included script sources for keywords to add as parameters, similar to DOMinator's "smart fuzzing" technique. This helps find code that parses location.hash as key-value pairs, where only a certain keyword will be vulnerable to injection.

The options page contains a setting to automatically trigger the keyword search on every page load, which sometimes confuses single-page web apps.

There is currently NO way to limit the scope of the extension, so please disable it when not in use. In fact, limiting the scope will miss analysis of cross-origin iframes so using "On Click" or "On Specific Sites" is not advised. Please, just don't use this extension on sites where you don't have permission to test for security issues.

The awesome icon was made by smalllikeart from www.flaticon.com and is licensed CC 3.0 BY.
