lcatro / cross_domain_postmessage_vuln_dig
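A tool for finding cross-domain postMessage() vulnerabilities in web pages. How it works: it fetches the page source with AJAX, builds a test environment from an iframe and the data: protocol, inserts a hook into window.onmessage inside the iframe to monitor the arguments passed to onmessage, and finally judges whether data can be passed across domains by checking whether the original onmessage logic references the data property of its argument.
☆11 Updated 8 years ago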
Related projects
Alternatives and complementary repositories for cross_domain_postmessage_vuln_dig
- Regex-based detection and removal of PHP webshells ☆12 Updated 6 years ago
- Penetration Test Framework ☆22 Updated 6 years ago
- Distributed sqlmapapi ☆11 Updated 8 years ago
- ☆14 Updated 6 years ago
- safe_tools ☆27 Updated 6 years ago
- ☆11 Updated 8 years ago
- Eagle is a Web Application Attack and Audit Framework. Eagle has moved to Bitbucket. ☆11 Updated 8 years ago
- Reproductions of some vulnerability scenarios, based on https://www.exploit-db.com/ ☆36 Updated 6 years ago
- Environment for S2-055, adapted from rest-show-case ☆37 Updated 6 years ago
- ☆18 Updated 6 years ago
- ☆10 Updated 10 years ago
- CVE-2017-0199 ☆16 Updated 7 years ago
- Enterprise Security Response Center Development Framework ☆11 Updated 7 years ago
- Checks whether the results of the automated crawler belong to hooks, and keeps fetching URLs, crawling on and on. ☆31 Updated 7 years ago
- Create a BugScan node through a webshell (requires the target to support Python 2.7) ☆14 Updated 8 years ago
- TomcatBrute tool ☆12 Updated 8 years ago
- Struts2 Vuls Scanner based on a Perl script ☆21 Updated 8 years ago
- DNS log http://zone.wooyun.org/content/27119 ☆21 Updated 8 years ago
- XSS Scanner ☆40 Updated 11 years ago