ollseg / ttt-ext

Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

Taint Testing Tool

Simple Chrome extension to assist in finding DOMXSS and similar security issues. Works by injecting a unique string into "sources" such as page location, referrer, cookies, etc. JavaScript hooks then instrument various "sinks" such as eval() and innerHTML to look for the "taint".
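As an added illustration of the sink-hooking idea above (this is example code, not the extension's own source), the following snippet wraps a property-based sink and a function-based sink so that any write carrying the taint marker is reported. In the extension the hooked targets would be browser objects such as Element.prototype.innerHTML and window.eval; here a constructed stand-in object and a constructed marker value are used so the snippet runs outside a browser.

```javascript
// Added example (not the ttt-ext code): hook a setter sink (like innerHTML)
// and a function sink (like eval) and report any string that contains the
// taint marker. A constructed stand-in object replaces real DOM objects so
// this runs under Node.

const TAINT = "TTTX1234"; // constructed marker; the extension uses its own unique string

// Wrap an accessor property such as innerHTML: keep the original setter,
// but inspect every value before it is written.
function hookPropertySink(target, prop, report) {
  const desc = Object.getOwnPropertyDescriptor(target, prop);
  if (!desc || typeof desc.set !== "function") {
    throw new Error(`no accessor to hook for ${prop}`);
  }
  Object.defineProperty(target, prop, {
    configurable: true,
    enumerable: desc.enumerable,
    get: desc.get,
    set(value) {
      if (typeof value === "string" && value.includes(TAINT)) {
        report({ sink: prop, value });
      }
      return desc.set.call(this, value);
    },
  });
}

// Wrap a function such as eval: inspect string arguments, then call through.
function hookFunctionSink(target, name, report) {
  const original = target[name];
  if (typeof original !== "function") {
    throw new Error(`no function to hook for ${name}`);
  }
  target[name] = function (...args) {
    for (const a of args) {
      if (typeof a === "string" && a.includes(TAINT)) {
        report({ sink: name, value: a });
      }
    }
    return original.apply(this, args);
  };
}

// Constructed stand-ins: a prototype with an innerHTML accessor and an object
// exposing an eval-like function. Install the hooks, write clean and tainted
// values, and return what was reported plus the final stored value.
function demo() {
  const findings = [];
  const report = (f) => findings.push(f);

  const proto = {};
  Object.defineProperty(proto, "innerHTML", {
    configurable: true,
    enumerable: true,
    get() { return this._html || ""; },
    set(v) { this._html = String(v); },
  });
  const sandbox = { evaluate: (code) => code.length };

  hookPropertySink(proto, "innerHTML", report);
  hookFunctionSink(sandbox, "evaluate", report);

  const el = Object.create(proto);
  el.innerHTML = "<p>hello</p>";                // clean: not reported
  el.innerHTML = "<p>q=" + TAINT + "</p>";      // tainted: reported
  sandbox.evaluate("var a = 1;");               // clean
  sandbox.evaluate("var b = '" + TAINT + "';"); // tainted: reported

  return { findings, finalHtml: el.innerHTML };
}
```

The original setter and function are always called through, so the hooked page keeps working and only the report side-effect is added; the hook is installed on the prototype so every element created afterwards is covered.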

Clicking the "browser action" icon scans the included script sources for keywords to add as parameters, similar to DOMinator's "smart fuzzing" technique. This helps find code that parses location.hash as key/value pairs and is only injectable through one particular keyword.
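To make the keyword search concrete, here is an added example (not the extension's own code) that pulls candidate parameter names out of a script's text using a few regular expressions for common key/value parsing patterns, then builds a location.hash value that carries the taint marker under every candidate key. The script text, the regex set and the marker are all constructed for the example; a real run would read the page's included script sources.

```javascript
// Added example (not the ttt-ext code): derive candidate keys from script
// source and build a tainted hash fragment. SAMPLE_SCRIPT and TAINT are
// constructed values for this demonstration.

const TAINT = "TTTX1234"; // constructed marker

// Collect identifiers and string literals that sit in typical key/value
// access positions: comparisons, bracket lookups, .get() calls and
// property access on a params-like object.
function extractKeywords(scriptText) {
  const found = new Set();
  const patterns = [
    /===?\s*["']([A-Za-z_][\w-]*)["']/g,         // key === "name"
    /["']([A-Za-z_][\w-]*)["']\s*===?/g,         // "name" === key
    /\[\s*["']([A-Za-z_][\w-]*)["']\s*\]/g,      // params["name"]
    /\.get\(\s*["']([A-Za-z_][\w-]*)["']\s*\)/g, // params.get("name")
    /\bparams\.([A-Za-z_]\w*)\b/g,               // params.name
  ];
  for (const re of patterns) {
    let m;
    while ((m = re.exec(scriptText)) !== null) found.add(m[1]);
  }
  return [...found].sort();
}

// Produce "#k1=TAINT&k2=TAINT&..." so every candidate key receives the marker.
function buildTaintedHash(keywords) {
  return "#" + keywords.map((k) => `${encodeURIComponent(k)}=${TAINT}`).join("&");
}

// Constructed script text resembling a hand-rolled hash parser.
const SAMPLE_SCRIPT = `
  var params = {};
  location.hash.substr(1).split("&").forEach(function (kv) {
    var p = kv.split("=");
    if (p[0] === "debug") { params.debug = true; return; }
    params[p[0]] = decodeURIComponent(p[1] || "");
  });
  if (params["theme"]) document.body.className = params["theme"];
  if (params.welcome) showBanner(params.welcome);
  var q = new URLSearchParams(location.search);
  if (q.get("ref")) trackReferral(q.get("ref"));
`;

// Run the keyword search over the sample and return both stages.
function demo() {
  const keywords = extractKeywords(SAMPLE_SCRIPT);
  return { keywords, hash: buildTaintedHash(keywords) };
}
```

The regexes deliberately over-approximate: a string literal on the value side of a comparison may also be collected, which is harmless here since an unused key simply never reaches a sink.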

Options page contains a setting to automatically trigger the keyword search on every page load, which sometimes confuses single-page web apps.

There is currently NO way to limit the scope of the extension, so please disable it when not in use. In fact, limiting the scope through Chrome's site-access setting would skip analysis of cross-origin iframes, so using "On Click" or "On Specific Sites" is not advised. Please, just don't use this extension on sites where you don't have permission to test for security issues.

The awesome icon was made by smalllikeart from www.flaticon.com and is licensed CC BY 3.0.