cispa / xs-observations

Related projects: ⓘ

• RUB-NDS / xsinator.com
  XS-Leak Browser Test Suite
  ☆69Updated 9 months ago
• SoheilKhodayari / DOMClobbering
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆43Updated 9 months ago
• RUB-NDS / AutoLeak
  Find XS-Leaks in the browser by diffing DOM-Graphs in two states
  ☆12Updated 9 months ago
• hackvertor / blind-css-exfiltration
  ☆83Updated 9 months ago
• shhnjk / cursed_types
  List of Trusted Types bypasses
  ☆79Updated 5 months ago
• SoheilKhodayari / TheThing
  TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
  ☆38Updated 10 months ago
• KTH-LangSec / server-side-prototype-pollution
  A collection of Server-Side Prototype Pollution gadgets and exploits
  ☆124Updated 3 weeks ago
• google / protobuf-extensibility-for-burp
  ☆81Updated 2 months ago
• BrunoHalltari / CTF-Writeups
  Here i will post my writeups :)
  ☆31Updated last year
• Philesiv / XSLeaker
  Searcher for cross-site leaks (XS-Leaks)
  ☆81Updated last year
• matanber / domlogger-configs
  Useful configurations for the DomLogger++ extension
  ☆23Updated last week
• xsleaks / wiki
  XS-Leaks Wiki
  ☆139Updated 3 weeks ago
• zeyu2001 / My-CTF-Challenges
  Challenges I wrote for various CTF competitions
  ☆39Updated last month
• SoheilKhodayari / JAW
  JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
  ☆91Updated 4 months ago
• google / bughunters
  ☆23Updated 6 months ago
• NDevTK / CacheAttack
  No longer maintained. Timing attacks on a browsers cache to try to predict websites/subreddits that have been viewed
  ☆10Updated 2 years ago
• terjanq / same-origin-xss
  Same Origin XSS challenge
  ☆56Updated 2 years ago
• yeswehack / pp-finder
  PP-finder Help you find gadget for prototype pollution exploitation
  ☆127Updated last month
• 0xGodson / blogs
  ✨ Build a beautiful and simple website in literally minutes. Demo at https://beautifuljekyll.com
  ☆21Updated last year
• BlackFan / cspp-tools
  Client-Side Prototype Pollution Tools
  ☆84Updated 2 years ago
• KTH-LangSec / silent-spring
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆52Updated 7 months ago
• justcatthefish / ctf-writeups
  CTF write-ups
  ☆79Updated 3 weeks ago
• sambrow / ctf-writeups-2021
  ☆12Updated this week
• Rhynorater / rebindMultiA
  ☆54Updated last year
• fransr / hot-jar-swapping-urlclassloader
  Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
  ☆30Updated last year
• simplylu / jpeg_polyglot_xss
  Exploiting XSS with Javascript/JPEG Polyglot (by @medusa_0xf)
  ☆21Updated 2 years ago
• SecPriv / cookiecrumbles
  Cookie Crumbles: Breaking and Fixing Web Session Integrity
  ☆23Updated last year
• Ophion-Security / sret
  ☆99Updated this week
• y0k4i-1337 / clairvoyancex
  Obtain GraphQL API schema despite disabled introspection!
  ☆50Updated 3 years ago
• SoheilKhodayari / Basta-COSI
  A framework for the detection of COSI vulnerabilities / XS-Leaks
  ☆11Updated last year