[WEB SECURITY] New tool: XSS Rays chrome extension

gaz Heyes gazheyes at gmail.com
Fri Jan 21 12:24:59 EST 2011


Hello everyone

I've made a tool that we all need. Want to blackbox reverse an XSS filter?
Done.
Want to regex search the DOM and event handlers for innerHTML or something?
Done.
Want to use the DOM to crawl a web site and test for XSS? Done.
Want to inspect the window for user-defined functions and objects? Oh and
edit them in real time? Done.
Want to inject forms? Edit forms in a non-destructive way? Yeah done.
Finally I know you've always wanted to inject a string into a site and
automatically extract the output from the DOM to test a client-side filter,
haven't you? Done.

Here it is:-
<http://www.thespanner.co.uk/2011/01/21/xss-rays-extension/>

It's free too, I'm a nutcase. I will accept cheques for £500,000 in an
unnamed Swiss bank account or a nice email telling me that it's cool with
feature requests would be good.

Cheers

Gareth

PS Chrome devs: this bug sucks.
http://code.google.com/p/chromium/issues/detail?id=13175 fix it
pleeeeeeeeese then XSS Rays can be even more awesome and inspect innerHTML
and check filters using setters.