cispa / xs-observationsLinks
Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"
☆14Updated 6 months ago
Alternatives and similar repositories for xs-observations
Users that are interested in xs-observations are comparing it to the libraries listed below
Sorting:
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆53Updated 2 months ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆16Updated 5 months ago
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆10Updated 11 months ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆23Updated 4 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆50Updated last year
- List of Trusted Types bypasses☆93Updated last year
- ☆26Updated last month
- XS-Leak Browser Test Suite☆81Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆24Updated 3 months ago
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆108Updated 6 months ago
- Awesome MXSS ??☆52Updated 8 months ago
- Useful configurations for the DomLogger++ extension☆35Updated 9 months ago
- ☆111Updated last year
- PP-finder Help you find gadget for prototype pollution exploitation☆164Updated 10 months ago
- Here i will post my writeups :)☆32Updated 2 years ago
- Fast exfiltration of text using only CSS and Ligatures☆53Updated 2 months ago
- ✨ Build a beautiful and simple website in literally minutes. Demo at https://beautifuljekyll.com☆21Updated 2 years ago
- ☆85Updated last year
- ☆25Updated 6 months ago
- This is the data that powers the PortSwigger URL validation bypass cheat sheet.☆50Updated last month
- Same Origin XSS challenge☆61Updated 3 years ago
- Find all libraries on cdn.js that pollute your prototype☆18Updated 2 years ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆16Updated 8 months ago
- ☆16Updated 3 years ago
- A collection of Server-Side Prototype Pollution gadgets and exploits☆190Updated 4 months ago
- HTML Universal Identifier☆68Updated 6 months ago
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- Puppeteer based crawler to measure email and password exfiltration☆23Updated 3 years ago