DOMLogger++ di Kévin (Mizu)
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Devi utilizzare Firefox per poter installare questa estensione
Metadati estensione
Screenshot
Informazioni sull’estensione
Description:
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
Valuta la tua esperienza utente
PermessiUlteriori informazioni
Questo componente aggiuntivo necessita di:
- Consentire agli strumenti di sviluppo accesso ai dati delle schede aperte
- Visualizzare notifiche
- Accedere alle schede
- Accedere ai dati di tutti i siti web
Ulteriori informazioni
- Link componente aggiuntivo
- Versione
- 1.0.7
- Dimensione
- 652,96 kB
- Ultimo aggiornamento
- 2 mesi fa (14 nov 2024)
- Categorie correlate
- Licenza
- Licenza MIT
- Cronologia versioni
Aggiungi alla raccolta
Note di versione per la versione 1.0.7
### Added
- New hideThis configuration key to hide thisArg in devtools for function sinks (#29) (Thanks aristosMiliaressis).
- Improved leverage-innerHTML.json config to detect potential document DOM clobbering sinks.
- New Client-Side Prototype Pollution detection (cspp.json) configuration file.
- Devtools font size can now be configured from the settings.
### Updated
- The CSPT config has been improved to properly handle "fetch(new Request('/'))".
- Banned words have been updated in all configs.
- The thisArg notation in devtools has been improved to make it easier to read (#29) (Thanks aristosMiliaressis).
- JavaScript injection has been improved on Firefox (wasn't needed for Chromium) to limit the init race condition.
- The dupKey value is now computed in the DOM instead of the background script.
### Fixed
- Fixed a bug that made attribute hooking impossible without set/get.
- Fixed a bug that blocked hooking postMessage without typing window.postMessage (#25).
- Fixed a DOS loop issue in the onmessage handler that triggered a hooked sink.
- New hideThis configuration key to hide thisArg in devtools for function sinks (#29) (Thanks aristosMiliaressis).
- Improved leverage-innerHTML.json config to detect potential document DOM clobbering sinks.
- New Client-Side Prototype Pollution detection (cspp.json) configuration file.
- Devtools font size can now be configured from the settings.
### Updated
- The CSPT config has been improved to properly handle "fetch(new Request('/'))".
- Banned words have been updated in all configs.
- The thisArg notation in devtools has been improved to make it easier to read (#29) (Thanks aristosMiliaressis).
- JavaScript injection has been improved on Firefox (wasn't needed for Chromium) to limit the init race condition.
- The dupKey value is now computed in the DOM instead of the background script.
### Fixed
- Fixed a bug that made attribute hooking impossible without set/get.
- Fixed a bug that blocked hooking postMessage without typing window.postMessage (#25).
- Fixed a DOS loop issue in the onmessage handler that triggered a hooked sink.
Altre estensioni di Kévin (Mizu)
Non ci sono ancora valutazioni- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni