ariary/DomXssFinder

DomXssFinder

Find sources and sinks in js code that could lead to DOM XSS

💧 Source := JavaScript property that accepts user-controlled data (e.g. location.search)

🚰 Sink := Potentially dangerous JavaScript function or DOM object that can cause undesirable effects if attacker-controlled data is passed to it (e.g. eval)

How?

> Find sources in js code:

cat [js_file] | fsource

> Find sinks in js code:

cat [js_file] | fsink

💡 Tip: To retrieve all JS code from a URL, use jse:

export URL=[url]
curl -s "$URL" -H "Accept: text/html" | jse -u "$URL" -gather-src 2>/dev/null

Find all related shortcuts: bang 💥

💡 Tip 2: Use the -C [NUM] parameter to get more context when a source/sink has been found (prints [NUM] lines of output context)

Get ready!
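To make the source/sink definitions and the context option concrete, here is an added example (not the project's code): a simplified line scanner for reviewing your own JS. The pattern lists are a small set of commonly cited DOM XSS sources and sinks chosen for illustration, not the lists fsource/fsink use, and the names `scan`, `directFlows` and `SAMPLE` are hypothetical.

```javascript
// Added example: simplified source/sink line scanner (assumed patterns, not fsource/fsink's lists).
const SOURCES = [
  /\blocation\.(search|hash|href|pathname)\b/,
  /\bdocument\.(URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];
const SINKS = [
  /\beval\s*\(/,
  /\bdocument\.write(ln)?\s*\(/,
  /\.(innerHTML|outerHTML)\s*\+?=(?!=)/, // assignment only, not a == comparison
  /\.insertAdjacentHTML\s*\(/,
  /\bset(Timeout|Interval)\s*\(\s*["'`]/, // string argument is evaluated as code
  /\bnew\s+Function\s*\(/,
];

// Return every line matching one of `patterns`, with `context` lines before and after it.
function scan(code, patterns, context = 0) {
  const lines = code.split(/\r?\n/);
  const hits = [];
  lines.forEach((text, i) => {
    const matched = patterns.find((p) => p.test(text));
    if (!matched) return;
    const from = Math.max(0, i - context);
    const to = Math.min(lines.length, i + context + 1);
    hits.push({ line: i + 1, match: text.match(matched)[0], context: lines.slice(from, to) });
  });
  return hits;
}

// Lines where a source is passed straight into a sink are the first ones to review.
function directFlows(code) {
  const sinkLines = new Set(scan(code, SINKS).map((h) => h.line));
  return scan(code, SOURCES).filter((h) => sinkLines.has(h.line)).map((h) => h.line);
}

// Constructed sample input.
const SAMPLE = [
  'const params = new URLSearchParams(location.search);',
  'const name = params.get("name");',
  'document.getElementById("greet").innerHTML = "Hi " + name;',
  'document.getElementById("safe").textContent = name;',
  'eval(location.hash.slice(1));',
].join("\n");

console.log("sources:", scan(SAMPLE, SOURCES).map((h) => `${h.line}: ${h.match}`));
console.log("sinks:", scan(SAMPLE, SINKS, 1).map((h) => `${h.line}: ${h.match}`));
console.log("direct flows on lines:", directFlows(SAMPLE));
```

A match is only a lead: line 3 of the sample is a sink whose tainted value arrives through an intermediate variable, which a line-based scan cannot connect to the source on line 1, so each hit still needs a manual data-flow check.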

curl -sLO https://github.com/ariary/DomXssFinder/releases/latest/download/fsink
curl -sLO https://github.com/ariary/DomXssFinder/releases/latest/download/fsource
chmod +x fsink fsource
mv fsink [path in $PATH] && mv fsource [path in $PATH]

Notes

See how to exploit: