A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆16Jul 17, 2024Updated last year
Alternatives and similar repositories for postMessage-tracker
Users that are interested in postMessage-tracker are comparing it to the libraries listed below
Sorting:
- CSS injection requires an attacker to load a standalone CSS file to leak HTML tag attributes.☆20Apr 19, 2024Updated last year
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆14Dec 12, 2024Updated last year
- A collection of js analysis tools & scripts.☆19Feb 13, 2026Updated 2 weeks ago
- Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.☆20Jan 13, 2025Updated last year
- Extension to log postMessage()☆15Feb 17, 2026Updated last week
- Gather pagegraph data from all over the internet☆28Updated this week
- Useful configurations for the DomLogger++ extension☆48Sep 7, 2024Updated last year
- Pretty visualization of visited countries☆23Jan 7, 2026Updated last month
- Puppeteer based crawler to measure email and password exfiltration☆26Jan 7, 2026Updated last month
- Injecting into SELinux-protected system service processes under root on Android.☆50Feb 28, 2024Updated 2 years ago
- This tool automates the process of running FFUF (Fuzz Faster U Fool) and post-processing its results to extract valid URLs. It supports b…☆36Nov 5, 2024Updated last year
- Navigation-based Tracking Mitigations☆49Mar 25, 2025Updated 11 months ago
- ☆19Updated this week
- A Collection of Proof of Concepts for non-published Web Exploits and Common CVEs☆10Nov 29, 2020Updated 5 years ago
- SmaliAnalyzer parses dissasembled bytecode of Android applications to gather as much information as possible about their component classe…☆13Apr 17, 2019Updated 6 years ago
- Curso realizado por Ricardo Narvaja de CrackLatinos (Mirror) http://ricardonarvaja.info☆12May 28, 2018Updated 7 years ago
- Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache …☆16Nov 18, 2025Updated 3 months ago
- ☆13Oct 15, 2024Updated last year
- Challenge handouts, source code, and solutions for UofTCTF 2026☆37Jan 13, 2026Updated last month
- A Node.js package to fetch statistics from the Chrome Web Store☆12May 6, 2024Updated last year
- Useful scripts for tampermonkey that I used during bug hunting. Will be updated "au fil de l'eau"☆17Jun 2, 2025Updated 8 months ago
- An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy☆14Oct 23, 2024Updated last year
- How to create a valid polyglot HTML/JS/WebAssembly module -☆12Oct 15, 2020Updated 5 years ago
- Farm-to-table, organic, handcrafted, delicious Webassembly☆14Dec 7, 2021Updated 4 years ago
- Framework which makes large scale crawling of URLs with VisibleV8 easy.☆11Jan 28, 2026Updated last month
- Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj…☆14Sep 4, 2025Updated 5 months ago
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆17Feb 20, 2026Updated last week
- Collection of rules for Static Application Security Testing (SAST) with Semgrep☆12Apr 16, 2025Updated 10 months ago
- All Shell In One. Generate Reverse Shells and/or generate single code that runs all the payloads.☆10Mar 25, 2021Updated 4 years ago
- Passive JavaScript reconnaissance for penetration testers — bridging Burp Suite traffic into structured, AST-based analysis in VSCode.☆36Feb 5, 2026Updated 3 weeks ago
- Simple Flutter app to make API calls☆10Mar 8, 2019Updated 6 years ago
- A first look at browser-based Cryptojacking☆16Jun 7, 2018Updated 7 years ago
- brave-browser https://brave.com/ 🐳☆11Oct 11, 2025Updated 4 months ago
- The Tangled Genealogy of IoT Malware☆12Jan 5, 2021Updated 5 years ago
- ☆15Aug 27, 2020Updated 5 years ago
- CVE-2024-34102: Unauthenticated Magento XXE☆14Jan 12, 2025Updated last year
- ✒️ Every cybersecurity CTF challenge I've ever authored! o(^▽^)o☆14May 14, 2024Updated last year
- Raku HTTP request, response, and message body parsing grammar☆11Sep 8, 2022Updated 3 years ago
- Security and Privacy Failures in Popular 2FA Apps☆20Oct 5, 2023Updated 2 years ago