RUB-NDS / AutoLeakLinks
Find XS-Leaks in the browser by diffing DOM-Graphs in two states
☆16Updated 4 months ago
Alternatives and similar repositories for AutoLeak
Users that are interested in AutoLeak are comparing it to the libraries listed below
Sorting:
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆49Updated last year
- List of Trusted Types bypasses☆93Updated last year
- XS-Leak Browser Test Suite☆81Updated last year
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆51Updated last month
- CTF writeups☆30Updated 3 years ago
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆14Updated 5 months ago
- ☆16Updated 3 years ago
- ☆72Updated 3 years ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆107Updated 5 months ago
- Awesome MXSS ??☆50Updated 8 months ago
- Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages☆36Updated last year
- ☆49Updated this week
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- This Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attac…☆28Updated last year
- ☆84Updated 11 months ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆22Updated 3 months ago
- Electron Research☆71Updated 3 years ago
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes☆31Updated 2 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆16Updated 7 months ago
- Same Origin XSS challenge☆61Updated 3 years ago
- Extension to log postMessage()☆12Updated this week
- Here i will post my writeups :)☆32Updated 2 years ago
- Prototype Pollution exploits collection☆34Updated 3 years ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆32Updated 3 months ago
- Fast exfiltration of text using only CSS and Ligatures☆50Updated last month
- A collection of my Semgrep rules☆49Updated last year
- Extract relative urls from a heap snapshot☆87Updated 4 years ago
- No longer maintained. Timing attacks on a browsers cache to try to predict websites/subreddits that have been viewed☆12Updated 3 years ago