Skip to content
This repository has been archived by the owner on May 17, 2022. It is now read-only.

Releases: NetSPI/xssValidator

Authorization Headers

18 Feb 04:42
@forced-request forced-request
1.3.1
e6a5230
Compare
Choose a tag to compare
Authorization Headers Latest
Latest

This release fixes a bug described in #14 in which authorization headers were not being properly passed to the xss detectors.

All of the HTTP request headers will now be passed directly to xss detectors.

Assets 2
Loading

Active Scanner, DOM-XSS and more

31 Dec 02:36
@forced-request forced-request
1.3.0
d207d8f
Compare
Choose a tag to compare
Active Scanner, DOM-XSS and more 
1.3.0

Merged scanner and develop
Assets 2
Loading

Event Handlers

27 Aug 02:20
@forced-request forced-request
v1.2.0
e543469
Compare
Choose a tag to compare
Event Handlers

Thanks to @f-block for adding the ability to test vulnerabilities introduced via event handlers, such as onmouseout. When phantom.js receives a response it is designed to hover on each element of the page, in an attempt to trigger the appropriate event handlers.

Cleaned up the GUI a bit, and added the ability to dynamically generated payloads (thanks again, @f-block)

Assets 2
Loading

Slimer.JS Implemented

15 Jun 18:40
@forced-request forced-request
V1.1.0
e543469
Compare
Choose a tag to compare
Slimer.JS Implemented
  • _Slimer.JS_ Added support for slimer.js, a scriptable gecko engine.
Assets 2
Loading