cispa / xs-observations
Find leaky observation channels in browsers and XS-Leaks on websites
☆12 Updated last year
Related projects:
- XS-Leak Browser Test Suite ☆69 Updated 9 months ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation ☆43 Updated 9 months ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states ☆12 Updated 9 months ago
- ☆83 Updated 9 months ago
- List of Trusted Types bypasses ☆79 Updated 5 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities ☆38 Updated 10 months ago
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆124 Updated 3 weeks ago
- ☆81 Updated 2 months ago
- Here I will post my writeups :) ☆31 Updated last year
- Searcher for cross-site leaks (XS-Leaks) ☆81 Updated last year
- Useful configurations for the DomLogger++ extension ☆23 Updated last week
- XS-Leaks Wiki ☆139 Updated 3 weeks ago
- Challenges I wrote for various CTF competitions ☆39 Updated last month
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript ☆91 Updated 4 months ago
- ☆23 Updated 6 months ago
- No longer maintained. Timing attacks on a browser's cache to try to predict websites/subreddits that have been viewed ☆10 Updated 2 years ago
- Same Origin XSS challenge ☆56 Updated 2 years ago
- PP-finder: helps you find gadgets for prototype pollution exploitation ☆127 Updated last month
- ✨ Build a beautiful and simple website in literally minutes. Demo at https://beautifuljekyll.com ☆21 Updated last year
- Client-Side Prototype Pollution Tools ☆84 Updated 2 years ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js ☆52 Updated 7 months ago
- CTF write-ups ☆79 Updated 3 weeks ago
- ☆12 Updated this week
- ☆54 Updated last year
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes ☆30 Updated last year
- Exploiting XSS with Javascript/JPEG Polyglot (by @medusa_0xf) ☆21 Updated 2 years ago
- Cookie Crumbles: Breaking and Fixing Web Session Integrity ☆23 Updated last year
- ☆99 Updated this week
- Obtain GraphQL API schema despite disabled introspection! ☆50 Updated 3 years ago
- A framework for the detection of COSI vulnerabilities / XS-Leaks ☆11 Updated last year