KNOXSS Community Edition par Brute Logic
Tool for XSS (Cross-Site Scripting) discovery.
Vous avez besoin de Firefox pour utiliser cette extension
MĂ©tadonnĂ©es de lâextension
Captures dâĂ©cran
Ă propos de cette extension
KNOXSS Community Edition is a FREE standalone version of KNOXSS browser add-on designed to find the main XSS (Cross-Site Scripting) cases shown here.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
Ăvaluez votre expĂ©rience
Soutenir ce développeur
Le dĂ©veloppeur de cette extension demande que vous lâaidiez Ă assurer la poursuite de son dĂ©veloppement en lui versant une petite contribution.
PermissionsEn savoir plus
Ce module a besoin de :
- Vous afficher des notifications
- Accéder aux onglets du navigateur
- AccĂ©der Ă lâactivitĂ© du navigateur pendant la navigation
- Accéder à vos données pour tous les sites web
Plus dâinformations
- Liens du module
- Version
- 0.2.0
- Taille
- 18,19Â Ko
- DerniĂšre mise Ă jour
- il y a 5 ans (12 août 2019)
- Catégories associées
- Licence
- Tous droits réservés
- Historique des versions
Ajouter Ă la collection
Notes de version pour la version 0.2.0
Added automatic capture of HTML forms to find XSS with POST method.
Added PoC for XSS with POST method.
Added PoC for XSS with POST method.
Plus de modules créés par Brute Logic
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant