This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.
This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.
Comments URL: https://news.ycombinator.com/item?id=41251312
Points: 11
# Comments: 0
Accedi per aggiungere un commento
Altri post in questo gruppo
Article URL: https://davidgomes.com/async-queue-interview-ai/
Chrome now includes a native on-device LLM (Gemini Nano) starting in version 138. I've been building with it since it was in origin trials, it's powerful but the official Prompt API is still a bit
I managed to reverse engineer the encryption (refered to as “Obfuscation” in the framework) responsible for managing the safety filters of Apple Intelligence models. I have extracted them into a r
Article URL: https://github.com/MrLesk/Backlog.md
Comments URL: https://news.ycomb
Article URL: https://www.dwarkesh.com/p/timelines-june-2025
