Show HN: Browser-based XSS scanner

This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.

This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.


Comments URL: https://news.ycombinator.com/item?id=41251312

Points: 11

# Comments: 0

https://github.com/dshieble/playwright_xss_scanner

Creato 11mo | 15 ago 2024, 05:20:08


Accedi per aggiungere un commento

Altri post in questo gruppo

Show HN: Simple wrapper for Chrome's built-in local LLM (Gemini Nano)

Chrome now includes a native on-device LLM (Gemini Nano) starting in version 138. I've been building with it since it was in origin trials, it's powerful but the official Prompt API is still a bit

6 lug 2025, 21:50:14 | Hacker news
I extracted the safety filters from Apple Intelligence models

I managed to reverse engineer the encryption (refered to as “Obfuscation” in the framework) responsible for managing the safety filters of Apple Intelligence models. I have extracted them into a r

6 lug 2025, 21:50:11 | Hacker news