RUB-NDS / AutoLeakLinks
Find XS-Leaks in the browser by diffing DOM-Graphs in two states
☆16Updated 5 months ago
Alternatives and similar repositories for AutoLeak
Users that are interested in AutoLeak are comparing it to the libraries listed below
Sorting:
- XS-Leak Browser Test Suite☆81Updated last year
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆50Updated last year
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆14Updated 6 months ago
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆24Updated 3 months ago
- List of Trusted Types bypasses☆93Updated last year
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆53Updated 2 months ago
- CTF writeups☆30Updated 3 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆108Updated 6 months ago
- ☆12Updated 2 years ago
- Informational Repository tracking times that real world bugs have come out of CTF challenges intentionally or otherwise☆63Updated 2 years ago
- Inti easter challenge poc☆18Updated 4 years ago
- A Web Platform API proposal for Blob URL☆10Updated 2 years ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆23Updated 4 months ago
- ☆16Updated 3 years ago
- Grammar-based HTTP/2 fuzzer with mutation ability☆46Updated 2 years ago
- Same Origin XSS challenge☆61Updated 3 years ago
- This Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attac…☆28Updated last year
- No longer maintained. Timing attacks on a browsers cache to try to predict websites/subreddits that have been viewed☆12Updated 3 years ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆68Updated last year
- Electron Research☆71Updated 3 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆16Updated 8 months ago
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- XS-Leaks Wiki☆162Updated 3 weeks ago
- A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…☆110Updated last week
- Awesome MXSS ??☆52Updated 8 months ago
- ☆33Updated 2 years ago
- ☆85Updated last year
- Fast exfiltration of text using only CSS and Ligatures☆53Updated 2 months ago
- WinDbg script to spoof origin and url of a renderer process in Chrome☆25Updated 4 years ago