JSXtract 作者: Device1
JSXtract is a security research tool used to pull various type of data from JS files that exist within a selected tab.
您需要 Firefox 来使用此扩展
扩展元数据
关于此扩展
This tool is a great way to get an initial look on what may exist within the application. You can use the tool to get some basic data such as urls, endpoints and parameters or get a good initial look of sinks, postmessages and then go deeper from there etc.
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
为您的体验打分
权限详细了解
此附加组件需要:
- 存取浏览器标签页
此附加组件可能也会要求:
- 访问您在所有网站的数据
更多信息
添加到收藏集
Device1 制作的更多扩展
目前尚无评分- 目前尚无评分
- 目前尚无评分
- 目前尚无评分
- 目前尚无评分
- 目前尚无评分