Thursday, May 19, 2011
DOMinator - The DOM XSS Analyzer Tool
What is DOMinator?
DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss)It is the first runtime tool which can help security testers to identify DOMXss.
How it works?
It uses dynamic runtime tainting model on strings and can trace back taint propagation operations in order to understand if a DOMXss vulnerability is actually exploitable.You can have an introduction about the implementation flow and some interface description here
What are the possibilities?
In the topics of DOMXss possibilities are quite infinite.At the moment DOMinator can help in identifying reflected DOM Based Xss, but there is potential to extend it to stored DOMXss analysis.