RUB-NDS / AutoLeakLinks
Find XS-Leaks in the browser by diffing DOM-Graphs in two states
☆16Updated 7 months ago
Alternatives and similar repositories for AutoLeak
Users that are interested in AutoLeak are comparing it to the libraries listed below
Sorting:
- List of Trusted Types bypasses☆101Updated last year
- XS-Leak Browser Test Suite☆83Updated last year
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆51Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆33Updated 5 months ago
- XS-Leaks Wiki☆169Updated 3 months ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆55Updated 4 months ago
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆111Updated 8 months ago
- ☆16Updated 4 years ago
- A curated list of awesome browser security learning material.☆143Updated 2 years ago
- ☆72Updated 3 years ago
- Prototype Pollution exploits collection☆35Updated 4 years ago
- CTF writeups☆30Updated 3 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Updated 10 months ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆24Updated 6 months ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆209Updated 2 years ago
- Informational Repository tracking times that real world bugs have come out of CTF challenges intentionally or otherwise☆62Updated 2 years ago
- Puppeteer based crawler to measure email and password exfiltration☆24Updated 3 years ago
- ☆87Updated last year
- A collection of my Semgrep rules☆49Updated 2 years ago
- Resources for Browser Security Research☆44Updated 2 years ago
- Client-Side Prototype Pollution Tools☆85Updated 3 years ago
- Electron Research☆71Updated 3 years ago
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆14Updated 8 months ago
- Playground☆33Updated last week
- A curated list of argument injection vectors☆41Updated 7 months ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆14Updated 2 years ago
- ☆12Updated 2 years ago
- Awesome MXSS ??☆52Updated 11 months ago
- TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.☆53Updated last week