lcatro / cross_domain_postmessage_vuln_dig
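A tool for finding cross-origin postMessage() vulnerabilities in web pages. Basic principle: fetch the page source via AJAX, build a test environment by combining an iframe with the data protocol, insert a hook into window.onmessage inside the iframe to monitor the arguments passed to onmessage, and finally decide whether data can be passed across origins by checking whether the original onmessage logic references the data property of the argument.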
☆11 Updated 8 years ago
Alternatives and similar repositories for cross_domain_postmessage_vuln_dig:
Users that are interested in cross_domain_postmessage_vuln_dig are comparing it to the libraries listed below
- ☆14 Updated 6 years ago
- Distributed sqlmapapi ☆11 Updated 8 years ago
- Regex-based detection and removal of PHP webshells ☆12 Updated 7 years ago
- A plugin-based scanner developed in C on Linux (Python/lua) ☆35 Updated 8 years ago
- Penetration Test Framework ☆22 Updated 6 years ago
- Eagle is a Web Application Attack and Audit Framework. Eagle has moved to Bitbucket. ☆11 Updated 8 years ago
- XSS Scanner ☆40 Updated 11 years ago
- Browser XSS filter fuzzing framework (browser xss audit fuzzing framework) ☆15 Updated 8 years ago
- DNS log http://zone.wooyun.org/content/27119 ☆21 Updated 8 years ago
- There is no py in offline CTF, only bromance! ☆18 Updated 7 years ago
- ☆18 Updated 6 years ago
- discuz-plugin-scan ☆21 Updated 9 years ago
- cloudsafe cloud security scanning ☆23 Updated 11 years ago
- ☆10 Updated 10 years ago
- Environment for S2-055, adapted from rest-show-case ☆37 Updated 7 years ago
- simple http(s) proxy with python based sqlmapapi wrapper ☆10 Updated 9 years ago
- A collection of various types of CVE PoCs and EXPs, intended only for learning vulnerability-research techniques. ☆30 Updated 8 years ago
- ☆9 Updated 7 years ago
- Weak-password scanning for common ports and services ☆9 Updated 8 years ago
- CVE-2017-0199 ☆16 Updated 7 years ago
- A bot that monitors pastebin for sensitive content and posts it to Weibo ☆15 Updated 7 years ago