Log in
Add-on icon

Eval Villain version history - 24 versions

Eval Villain by bemodtwz

3.7 Stars out of 5
5
2
4
0
3
0
2
0
1
1
Eval Villain version history - 24 versions

  • Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.

  • Latest version

    Version 2.11

    Released Nov 13, 2024 - 53.89 KB
    Works with firefox 58.0 and later
    Fixes bug where localStorage is not properly sourced
    Improves encoder function for path search
    Fixes mistake is sourcer debug statment

    Source code released under GNU General Public License v3.0 only

    You'll need Firefox to use this extension
    Download Firefox and get the extension
    Download file

  • Older versions

    Version 2.10

    Released Nov 11, 2024 - 53.74 KB
    Works with firefox 58.0 and later
    * Copy Eval Villain Injection or Config from the configuration page and paste into any JavaScript file to get Eval Villain into other browsers or contexts.
    * Better defaults for actual testing. Including CSPT and postMessage sinks.
    * Set limits on source banks in the configuration page
    * Lots of refactoring

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.9

    Released Sep 22, 2023 - 41.75 KB
    Works with firefox 48.0 and later
    * Use evSourcer to dynamically add to sources via instrumentation.
    * Use evSinker as a dynamic sink to be used with instrumentation.
    * EV now warns when it fails to load in a frame.
    * Replace console.log with console.info in the web page to avoid the pages logs cluttering up Eval Villain output.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.8

    Released Mar 9, 2023 - 40.88 KB
    Works with firefox 48.0 and later
    Fix output of regex needles without global flag

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.7

    Released Feb 6, 2022 - 40.87 KB
    Works with firefox 59.0 and later
    Add function URLSearchParams.get to default config, disabled by default
    Spelling fixes
    Fix scope to preventing vars leaking into `window`

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.6

    Released Jul 26, 2021 - 41.02 KB
    Works with firefox 59.0 and later
    Constructors (like `new Function`) are now hooked.
    Better proto hooking (like `value(Range.createContextualFragment)`).

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.5

    Released Apr 28, 2021 - 40.82 KB
    Works with firefox 59.0 and later
    Fix bug where you couldn't delete a config item
    Provided encoder function will provide a second parameter now, using `encoder("payload", true)` should cause the payload to be inserted into the DOM XSS source.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.4

    Released Apr 15, 2021 - 40.57 KB
    Works with firefox 59.0 and later
    Fix minor bug for configuration name collisions

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.3

    Released Apr 13, 2021 - 40.48 KB
    Works with firefox 59.0 and later
    * When a encoded source is found in a sink, a encoding function in JavaScript will be printed to the console. This function lets you see how Eval Villain decoded the source, and lets you quickly encode your own payloads.
    * Large text will receive it's own closed console.group to improve readability.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.2

    Released Jan 26, 2021 - 41.24 KB
    Works with firefox 59.0 and later
    2 Major Changes
    * EV will now recursively decode DOM XSS sources for URL, base64 and JSON encoding. Decoded values will then be used to search input to the hooked functions.
    * Blacklists were previously applied to all input. I found this to be mostly useless. Now blacklists are applied to decoded input sources. So you can blacklist `/^true$/` and a URL parameter that is set to `true` won't cause all `eval` calls containing `true` to be marked as interesting.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.1

    Released Jul 14, 2020 - 41.25 KB
    Works with firefox 59.0 and later
    It is now safe to hook decodeURI, and decodeURIComponent. This can be helpful for finding where inputs are parsed.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 2.0

    Released Mar 9, 2020 - 41.22 KB
    Works with firefox 59.0 and later
    Refactoring should improve speed and performance.
    Monitors sinks for window name

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.11

    Released Aug 22, 2019 - 40.49 KB
    Works with firefox 59.0 and later
    Types: enable/disable types that you are interested.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.10

    Released Aug 6, 2019 - 40.17 KB
    Works with firefox 59.0 and later
    Using `Reflect.apply` for proxying to reduce bugs. Thanks Mike Samuel!
    Show argument types
    Better handling of multiple arguments to a function.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.9

    Released Jun 25, 2019 - 40.01 KB
    Works with firefox 59.0 and later
    Features:
    * Toggle Eval Villain with key commands
    Bug fixes:
    Functions are now hooked using `Proxy`. Eval Villain should break fewer pages. Reference: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.8

    Released Jun 13, 2019 - 40.07 KB
    Works with firefox 59.0 and later
    URL Decode bug fix

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.7

    Released Jun 11, 2019 - 40.01 KB
    Works with firefox 59.0 and later
    Fixed bug in query search

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.6

    Released Jun 11, 2019 - 40.01 KB
    Works with firefox 59.0 and later
    Function hooks now handle multiple arguments
    Hook `Function` if you want, likely to break webpages though
    Bug fixes/improved query search

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.5

    Released Jan 2, 2019 - 36.47 KB
    Works with firefox 59.0 and later
    Handles malformed URI encoding without breaking code flow.
    Having console.log remapped by the page should no longer interfere with output.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.4

    Released Aug 14, 2018 - 36.4 KB
    Works with firefox 59.0 and later, android 59.0 to 68.*
    * fix URL decode logic bug
    * No longer search for URL parameter names.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.3

    Released Aug 10, 2018 - 36.41 KB
    Works with firefox 59.0 and later, android 59.0 to 68.*
    * fixed a couple RegEx needle highlighting bugs
    * fragment and query search now also check if the value has been URL decoded.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.2

    Released Aug 7, 2018 - 35.91 KB
    Works with firefox 59.0 and later, android 59.0 to 68.*
    This version just improves the UI some.

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.1

    Released Aug 2, 2018 - 36.06 KB
    Works with firefox 59.0 and later, android 59.0 to 68.*

    Source code released under GNU General Public License v3.0 only

    Download file

  • Version 1.0

    Released Aug 2, 2018 - 36.07 KB
    Works with firefox 59.0 and later, android 59.0 to 68.*

    Source code released under GNU General Public License v3.0 only

    Download file