ollseg / ttt-ext

Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

Execution fails with Request URL Too Long #3

Closed rotemreiss closed 5 years ago

rotemreiss commented 5 years ago

Hi,

First of all, I enjoyed your talk at SecurityFest! Great talk. ❤️

I just tried that Chrome extension for the first time and on two different applications, I'm getting a "Request URL Too Long" error from the application's web server because of one of the tests. Is that a known issue? How can we make the tool complete all its tests without being stopped by this error?

Thanks!

ollseg commented 5 years ago

I have reverted to the previous behaviour of trying to remove tainted values from the URL parameters before sending to the server. This fixes the issue at the expense of added complexity and permission requirements. Closing as fixed.

rotemreiss commented 5 years ago

Will update the extension on my local and test it again. Thanks :)