
Comments (2)

lauritzh avatar lauritzh commented on May 20, 2024

Hi @Nishantbhagat57,

Before making a tool, first do some research: will this be better than any other tools available?

This tool was created for my own research and use cases in the first place. I felt like the approach of taking the console output into account when searching for client-side vulnerabilities would be of interest to others, which led me to the decision to publish this tool. It is by no means "production-ready". This is v0.0.1 - the very first "useful" version.

But it can't even detect a simple XSS.

As outlined in the README, the tool comes with a basic set of payloads. Feel free to add your own! For instance, when adding the following payload to the payloads.json, the tool detects an alert():

[
  "\"/autofocus/onfocus=\"alert``"
]

At least it should pass all the XSS challenges of http://sudo.co.il/xss/; only then I can think of using this one over the others.

This is a good hint. I will consider adding more payloads and test them against test benches such as sudo.co.il/xss/.

And please understand, most modern websites have an XSS mechanism in place that automatically blocks the alert keyword. prompt is the new alert :)

Again, this partly depends on the payloads you use. But I agree, maybe it would be useful to hook an additional function within the DOM that could be used to identify XSS. At the moment, I explicitly hook alert():

[...]
  // Hook the alert() function within the page and expose helper function
  await page.exposeFunction('alert', (message) => {
    printColorful('turquoise', `[+] alert() triggered for Payload ${currentPayload}: ${message}`)
  })
[...]

I will look into this, too, next week.

Best regards,

Lauritz

from domscan.

lauritzh avatar lauritzh commented on May 20, 2024

Hi there!

I added a custom xyz() method and more information regarding custom payloads: https://github.com/lauritzh/domscan/releases/tag/v0.0.2

from domscan.
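
As an added example that is not part of the thread or domscan's own code: one way to generalize the alert() hook quoted above to several execution markers (prompt, confirm and a custom xyz()), so a scanner still records execution on pages that filter the alert keyword. installExecutionHooks, makeStubPage and the second payload label are hypothetical; the stub stands in for a Puppeteer page so the block runs offline.

```javascript
// Added example, not domscan's code. page.exposeFunction is Puppeteer's real API;
// installExecutionHooks and makeStubPage are hypothetical names.

// Functions whose invocation proves that an injected payload executed.
// alert is what the thread hooks; prompt, confirm and xyz are the extensions discussed.
const DEFAULT_HOOKS = ['alert', 'prompt', 'confirm', 'xyz']

// Register one binding per hook name and collect a structured finding per call.
async function installExecutionHooks (page, getCurrentPayload, hooks = DEFAULT_HOOKS) {
  const findings = []
  for (const name of hooks) {
    await page.exposeFunction(name, (...args) => {
      findings.push({
        sink: name,
        payload: getCurrentPayload(), // payload under test when the hook fired
        args: args.map(String)
      })
    })
  }
  return findings
}

// Offline stand-in for a Puppeteer Page (constructed for this example):
// exposed functions land on a fake window and return promises, as in the browser.
function makeStubPage () {
  const window = {}
  return {
    window,
    async exposeFunction (name, fn) {
      if (name in window) throw new Error(`binding ${name} already exists`)
      window[name] = async (...args) => fn(...args)
    }
  }
}

// Simulate two payloads executing; the second label is constructed sample data.
async function demo () {
  const page = makeStubPage()
  let currentPayload = null
  const findings = await installExecutionHooks(page, () => currentPayload)
  currentPayload = '"/autofocus/onfocus="alert``'
  await page.window.alert([''])
  currentPayload = 'constructed-prompt-payload'
  await page.window.prompt(1)
  return findings
}

demo().then(findings => console.log(findings))
```

With a real Puppeteer page, pass the `page` object in place of the stub and update the payload variable before each navigation.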
