Find sources and sinks in js code that could lead to DOM XSS
π§ Source := JavaScript property that accepts user controlled data (eg
location.search
)
π° Sink := Potential dangerous JavaScript function or DOM object that can cause indesirable effect if attacker controlled data is pass to it (eg
eval
)
> Find sources in js code:
cat [js_file] | fsource
> Find sinks in js code:
cat [js_file] | fsink
π‘ Tip:
To retrieve all js code from an url ~> jse
:
export URL=[url]
curl -s $URL -H "Accept: text/html" | jse -u $URL -gather-src 2>/dev/null
Find all related shortcuts: bang π₯
π‘ Tip 2:
Use -C [NUM]
parameter to get more context when source/sink has been found (Print [NUM]
lines of output context)
curl -s -lO -L https://github.com/ariary/DomXssFinder/releases/latest/download/fsink
curl -s -lO -L https://github.com/ariary/DomXssFinder/releases/latest/download/fsource
chmod +x fsink fsource
mv fsink [path in $PATH] && mv fsource [path in $PATH]
See how to exploit: