gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
Closed gwen001 closed 1 year ago
gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
1 year ago Tool has been accepted by the team: https://offsec.tools/tool/tracy
Thank you for your contribution!
[link]https://github.com/nccgroup/tracy[/link] [short_descr]Assists with finding all sinks and sources of a webapp and display the results in a nice way.[/short_descr] [tags]vulnerabilities,xss,browser,chrome,firefox[/tags] [long_descr]A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.
tracy is a browser extension that records all user input to a web application and monitors any time those inputs are output, for example in a DOM write, server response, or call to eval.[/long_descr]