Skip to content

Releases: v8blink/Chromium-based-XSS-Taint-Tracking

Cyclops 0.3

05 Jun 23:29
@v8blink v8blink
v0.3
2564fa6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Cyclops 0.3 Latest
Latest

location 可配置

允许修改或者 hook location 属性。如下图

Assets 3
Loading

Cyclops 0.2

01 Jun 01:49
@v8blink v8blink
v0.2
e3a5e69
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Cyclops 0.2

添加字符串方法 taint()taintset(),用于自定义污染信息,演示视频
taint() 用于返回当前字符串的污染信息,没有污染信息时返回软件说明信息。
taintset() 用于设定字符串的污染信息。
使用示例如下:
在 F12 开发者工具中,
a = "hello Cyclops";
a.taint()---->返回污染信息;
a.taintset("MySource")----> 设置 a 的污染信息为:"MySource" ;
注意 该方法是添加污染信息,而不是设置 Source 和 Sink,我还不能提供自定义 Source 和 Sink 的 API,因为涉及的源码很多,暂时没找到技术手段来提供 API。

Assets 3
Loading

Cyclops 0.1

26 May 22:58
@v8blink v8blink
v0.1
a0dde71
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Cyclops 0.1 Pre-release
Pre-release

基于 Chromium 源码的 XSS 检测工具,初来乍到,请多多关照!

Assets 3
Loading