Sink Hooker 作者: ayadim
Hook and monitor DOM, eval, jQuery, and other sinks.
實驗中實驗中
擴充套件後設資料
畫面擷圖
關於此擴充套件
"Sink Hooker" is a browser extension designed for security researchers, penetration testers, and developers to identify potential security vulnerabilities in web applications.
It hooks into common JavaScript "sinks" - functions and properties that can execute or render untrusted data - and logs them to the browser console, including:
• DOM manipulation (innerHTML, outerHTML, document.write)
• JavaScript execution (eval, Function, setTimeout, setInterval)
• jQuery operations (html, append, after, etc.)
• Attribute modifications (href, src, formAction)
• Cookie access and location changes
• Header referrer as source given to a sink
• Session Storage as source data of a sink
• Local Storage as source data of a sink
Perfect for:
- Finding XSS (Cross-Site Scripting) vulnerabilities
- Auditing third-party JavaScript libraries
- Debugging complex web applications
- Understanding how data flows through a website
All monitoring happens locally in your browser - no data is collected or transmitted.
It hooks into common JavaScript "sinks" - functions and properties that can execute or render untrusted data - and logs them to the browser console, including:
• DOM manipulation (innerHTML, outerHTML, document.write)
• JavaScript execution (eval, Function, setTimeout, setInterval)
• jQuery operations (html, append, after, etc.)
• Attribute modifications (href, src, formAction)
• Cookie access and location changes
• Header referrer as source given to a sink
• Session Storage as source data of a sink
• Local Storage as source data of a sink
Perfect for:
- Finding XSS (Cross-Site Scripting) vulnerabilities
- Auditing third-party JavaScript libraries
- Debugging complex web applications
- Understanding how data flows through a website
All monitoring happens locally in your browser - no data is collected or transmitted.
由 1 位評論者給出 0 分
權限與資料
更多資訊