Friday, June 24, 2011

DOM Snitch - a passive reconnaissance tool inside the DOM

DOM Snitch is an experimental Chrome extension that enables non-security testers identify common bad practices when producing client-side code and security testers gain better understanding of the transformations that occur within the DOM.

DOM Snitch works by injecting a series of interceptors, also referred to as “hooks”, that allow the tool to listen when a page interacts with key (and sometimes dangerous) browser infrastructure such as window.postMessage, window.eval, or document.write (a complete list of the hooks is available here). Once a hook has been triggered, DOM Snitch gathers and stores various debug information from the execution stack (details are available here). If configured to modify data on the fly, DOM Snitch will wait for the tester to modify the used data as needed before letting normal execution to proceed.


1 comment:

jagini kotesh said...

Metasploit network security software,Thanks for sharing such an informative article.

Download Metasploit network security software