Domsnitch - passive reconnaissance tool inside DOM
Thursday, June 23, 2011
0
comments
Domsnitch - passive reconnaissance tool inside DOM
DOM Snitch is an experimental Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code.
developers we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML (among others). Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues.
Key features:
- Real-time: Developers and testers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.
- Easy to use: With built-in security heuristics and nested view, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.
- Easier collaboration: Enables developers and testers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.
Download Here
https://code.google.com/p/domsnitch/downloads/list
Categories:
Hacking Tools,
penetration testing,
XSS
0 comments:
Post a Comment