KNOXSS Community Edition Autor: Brute Logic
Tool for XSS (Cross-Site Scripting) discovery.
364 používateľov364 používateľov
Na použitie tohto rozšírenia budete potrebovať Firefox
Metadáta rozšírenia
Snímky obrazovky
O tomto rozšírení
KNOXSS Community Edition is a FREE standalone version of KNOXSS browser add-on designed to find the main XSS (Cross-Site Scripting) cases shown here.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
Hodnotené 4 od 4 recenzentov
Povolenia a údajeĎalšie informácie
Požadované oprávnenia:
- Zobrazovať upozornenia
- Pristupovať ku kartám prehliadača
- Pristupovať k aktivitám prehliadača v priebehu prehliadania
- Pristupovať k údajom pre všetky webové stránky
Ďalšie informácie
- Odkazy doplnku
- Verzia
- 0.2.0
- Veľkosť
- 18,19 kB
- Posledná aktualizácia
- pred 6 rokmi (12. aug 2019)
- Príbuzné kategórie
- Licencia
- Všetky práva vyhradené
- História verzií
- Pridať do kolekcie
Podporte tohto vývojára
Vývojár tohto rozšírenia žiada o podporu v jeho vývoji zaslaním malého príspevku.
Poznámky k vydaniu pre verziu 0.2.0
Added automatic capture of HTML forms to find XSS with POST method.
Added PoC for XSS with POST method.
Added PoC for XSS with POST method.
Ďalšie rozšírenia od autora Brute Logic
Doplnok zatiaľ nie je ohodnotený- Doplnok zatiaľ nie je ohodnotený
- Doplnok zatiaľ nie je ohodnotený
- Doplnok zatiaľ nie je ohodnotený
- Doplnok zatiaľ nie je ohodnotený
- Doplnok zatiaľ nie je ohodnotený