
Tracy
Users: 631 | Size: 899 KiB | Version: v 0.9.2 | Updated: 2021-12-21
A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
A detailed guide to using Tracy: the most complete tutorial
Tracy description:
Category: Developer tools extension
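Tracy extension overview:
This is the Tracy browser extension from the Chrome Web Store. You can download the latest version of its installation file from this page and install it in Chrome, Edge and other browsers.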
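How to download the Tracy extension:
Click the download button, follow the "扩展迷Extfans" WeChat official account to obtain a verification code, and enter the code in the pop-up on the web page to download the latest installation file.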
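How to install the Tracy extension:
(1) Unzip the installation package (.zip) downloaded from 扩展迷 into a folder; the file of type "crx" inside it is the installation file used in the next steps.
(2) Open the extensions page from Settings -> More tools -> Extensions, or type Chrome://extensions/ in the address bar and press Enter.
(3) Turn on "Developer mode" on the extensions page.
(4) Drag the crx file onto the extensions page to complete the installation.
For other installation problems, scan the QR code at the bottom of the site to contact customer service. If you have questions, see: https://www.extfans.com/installation/

There are many different ways to trigger XSS, especially considering the large number of frontend frameworks that have become popular in the last few years. For example, some of the less traditional ways of exploiting XSS are through: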
* DOM clobbering
* DOM injection
* Frontend template injection
* Backend template injection
* Open redirects
These attack vectors are significantly different from traditional stored and reflected XSS cases, and they require new tools for finding them effectively.
Many similar tools only look for server response reflection. However, this is not very helpful if all output encoding is performed by the frontend. To really gain knowledge about all the true sinks of the application, we need a tool that grants us "X-ray vision into the DOM".
This extension was written with the goal of eliminating XSS by assisting a penetration tester in identifying every source of input into an application and following that input to all of its sinks. These cases are documented and stored as references that can be used to identify the locations of potentially risky input.