Eval Villain version history - 24 versions
Eval Villain by bemodtwz
Be careful with old versions! These versions are displayed for testing and reference purposes. You should always use the latest version of an add-on.
Latest version
Version 2.11
Released Nov 13, 2024 - 53.89 KB
Works with firefox 58.0 and later
Fixes bug where localStorage is not properly sourced
Improves encoder function for path search
Fixes mistake in sourcer debug statement
Source code released under GNU General Public License v3.0 only
Older versions
Version 2.10
Released Nov 11, 2024 - 53.74 KB
Works with firefox 58.0 and later
* Copy Eval Villain Injection or Config from the configuration page and paste into any JavaScript file to get Eval Villain into other browsers or contexts.
* Better defaults for actual testing, including CSPT and postMessage sinks.
* Set limits on source banks in the configuration page
* Lots of refactoring
Source code released under GNU General Public License v3.0 only
Version 2.9
Released Sep 22, 2023 - 41.75 KB
Works with firefox 48.0 and later
* Use evSourcer to dynamically add to sources via instrumentation.
* Use evSinker as a dynamic sink to be used with instrumentation.
* EV now warns when it fails to load in a frame.
* Replace console.log with console.info in the web page to avoid the page's logs cluttering up Eval Villain output.
Source code released under GNU General Public License v3.0 only
Version 2.8
Released Mar 9, 2023 - 40.88 KB
Works with firefox 48.0 and later
Fix output of regex needles without global flag
Source code released under GNU General Public License v3.0 only
Version 2.7
Released Feb 6, 2022 - 40.87 KB
Works with firefox 59.0 and later
Add function URLSearchParams.get to default config, disabled by default
Spelling fixes
Fix scope to prevent vars leaking into `window`
Source code released under GNU General Public License v3.0 only
Version 2.6
Released Jul 26, 2021 - 41.02 KB
Works with firefox 59.0 and later
Constructors (like `new Function`) are now hooked.
Better proto hooking (like `value(Range.createContextualFragment)`).
Source code released under GNU General Public License v3.0 only
Version 2.5
Released Apr 28, 2021 - 40.82 KB
Works with firefox 59.0 and later
Fix bug where you couldn't delete a config item
Provided encoder function will provide a second parameter now; using `encoder("payload", true)` should cause the payload to be inserted into the DOM XSS source.
Source code released under GNU General Public License v3.0 only
Version 2.4
Released Apr 15, 2021 - 40.57 KB
Works with firefox 59.0 and later
Fix minor bug for configuration name collisions
Source code released under GNU General Public License v3.0 only
Version 2.3
Released Apr 13, 2021 - 40.48 KB
Works with firefox 59.0 and later
* When an encoded source is found in a sink, an encoding function in JavaScript will be printed to the console. This function lets you see how Eval Villain decoded the source, and lets you quickly encode your own payloads.
* Large text will receive its own closed console.group to improve readability.
Source code released under GNU General Public License v3.0 only
Version 2.2
Released Jan 26, 2021 - 41.24 KB
Works with firefox 59.0 and later
2 Major Changes
* EV will now recursively decode DOM XSS sources for URL, base64 and JSON encoding. Decoded values will then be used to search input to the hooked functions.
* Blacklists were previously applied to all input. I found this to be mostly useless. Now blacklists are applied to decoded input sources. So you can blacklist `/^true$/` and a URL parameter that is set to `true` won't cause all `eval` calls containing `true` to be marked as interesting.
Source code released under GNU General Public License v3.0 only
Version 2.1
Released Jul 14, 2020 - 41.25 KB
Works with firefox 59.0 and later
It is now safe to hook decodeURI and decodeURIComponent. This can be helpful for finding where inputs are parsed.
Source code released under GNU General Public License v3.0 only
Version 2.0
Released Mar 9, 2020 - 41.22 KB
Works with firefox 59.0 and later
Refactoring should improve speed and performance.
Monitors sinks for window name
Source code released under GNU General Public License v3.0 only
Version 1.11
Released Aug 22, 2019 - 40.49 KB
Works with firefox 59.0 and later
Types: enable/disable types that you are interested in.
Source code released under GNU General Public License v3.0 only
Version 1.10
Released Aug 6, 2019 - 40.17 KB
Works with firefox 59.0 and later
Using `Reflect.apply` for proxying to reduce bugs. Thanks Mike Samuel!
Show argument types
Better handling of multiple arguments to a function.
Source code released under GNU General Public License v3.0 only
Version 1.9
Released Jun 25, 2019 - 40.01 KB
Works with firefox 59.0 and later
Features:
* Toggle Eval Villain with key commands
Bug fixes:
Functions are now hooked using `Proxy`. Eval Villain should break fewer pages. Reference: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
Source code released under GNU General Public License v3.0 only
Version 1.8
Released Jun 13, 2019 - 40.07 KB
Works with firefox 59.0 and later
URL Decode bug fix
Source code released under GNU General Public License v3.0 only
Version 1.7
Released Jun 11, 2019 - 40.01 KB
Works with firefox 59.0 and later
Fixed bug in query search
Source code released under GNU General Public License v3.0 only
Version 1.6
Released Jun 11, 2019 - 40.01 KB
Works with firefox 59.0 and later
Function hooks now handle multiple arguments
Hook `Function` if you want, likely to break webpages though
Bug fixes/improved query search
Source code released under GNU General Public License v3.0 only
Version 1.5
Released Jan 2, 2019 - 36.47 KB
Works with firefox 59.0 and later
Handles malformed URI encoding without breaking code flow.
Having console.log remapped by the page should no longer interfere with output.
Source code released under GNU General Public License v3.0 only
Version 1.4
Released Aug 14, 2018 - 36.4 KB
Works with firefox 59.0 and later, android 59.0 - 68.*
* fix URL decode logic bug
* No longer search for URL parameter names.
Source code released under GNU General Public License v3.0 only
Version 1.3
Released Aug 10, 2018 - 36.41 KB
Works with firefox 59.0 and later, android 59.0 - 68.*
* fixed a couple RegEx needle highlighting bugs
* fragment and query search now also check if the value has been URL decoded.
Source code released under GNU General Public License v3.0 only
Version 1.2
Released Aug 7, 2018 - 35.91 KB
Works with firefox 59.0 and later, android 59.0 - 68.*
This version just improves the UI some.
Source code released under GNU General Public License v3.0 only
Version 1.1
Released Aug 2, 2018 - 36.06 KB
Works with firefox 59.0 and later, android 59.0 - 68.*
Source code released under GNU General Public License v3.0 only
Version 1.0
Released Aug 2, 2018 - 36.07 KB
Works with firefox 59.0 and later, android 59.0 - 68.*
Source code released under GNU General Public License v3.0 only