ssl / ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
https://ezxss.com
MIT License

Limit the amount of disclosed information in alerts #157

Closed Techbrunch closed 7 months ago

Techbrunch commented 7 months ago

Hello,

It would be great if the admin could limit the amount of information included in alerts.

This would prevent potentially sensitive information from being stored in multiple locations (email, Slack, Telegram, Discord).

Ideally you should be able to set what to include, but the most sensitive fields we don't want in alerts are cookies, local & session storage, DOM, screenshot.

Thanks for the great tool.

ssl commented 7 months ago

Hey @Techbrunch,

You can easily edit this yourself in the alerts templates.

Doing this as some checkbox in the admin would need big changes to how the code works, and I believe most people would not want to hide these items in the alerts. Nevertheless, the alerts templates are designed to be easily edited to your own liking.