Eval Villain version history - 24 versions
Eval Villain by bemodtwz
Be careful with old versions! These versions are displayed for testing and reference purposes. You should always use the latest version of an add-on.
Latest version
Version 2.11
Released 13 Nov 2024 - 53.89 kB
Works with firefox 58.0 and later
Fixes bug where localStorage is not properly sourced
Improves encoder function for path search
Fixes mistake in sourcer debug statement
Source code released under GNU General Public License v3.0 only
Older versions
Version 2.10
Released 11 Nov 2024 - 53.74 kB
Works with firefox 58.0 and later
* Copy Eval Villain Injection or Config from the configuration page and paste into any JavaScript file to get Eval Villain into other browsers or contexts.
* Better defaults for actual testing. Including CSPT and postMessage sinks.
* Set limits on source banks in the configuration page
* Lots of refactoring
Source code released under GNU General Public License v3.0 only
Version 2.9
Released 22 Sep 2023 - 41.75 kB
Works with firefox 48.0 and later
* Use evSourcer to dynamically add to sources via instrumentation.
* Use evSinker as a dynamic sink to be used with instrumentation.
* EV now warns when it fails to load in a frame.
* Replace console.log with console.info in the web page to avoid the page's logs cluttering up Eval Villain output.
Source code released under GNU General Public License v3.0 only
Version 2.8
Released 9 Mar 2023 - 40.88 kB
Works with firefox 48.0 and later
Fix output of regex needles without global flag
Source code released under GNU General Public License v3.0 only
Version 2.7
Released 6 Feb 2022 - 40.87 kB
Works with firefox 59.0 and later
Add function URLSearchParams.get to default config, disabled by default
Spelling fixes
Fix scope to prevent vars leaking into `window`
Source code released under GNU General Public License v3.0 only
Version 2.6
Released 26 Jul 2021 - 41.02 kB
Works with firefox 59.0 and later
Constructors (like `new Function`) are now hooked.
Better proto hooking (like `value(Range.createContextualFragment)`).
Source code released under GNU General Public License v3.0 only
Version 2.5
Released 28 Apr 2021 - 40.82 kB
Works with firefox 59.0 and later
Fix bug where you couldn't delete a config item
Provided encoder function will provide a second parameter now, using `encoder("payload", true)` should cause the payload to be inserted into the DOM XSS source.
Source code released under GNU General Public License v3.0 only
Version 2.4
Released 15 Apr 2021 - 40.57 kB
Works with firefox 59.0 and later
Fix minor bug for configuration name collisions
Source code released under GNU General Public License v3.0 only
Version 2.3
Released 13 Apr 2021 - 40.48 kB
Works with firefox 59.0 and later
* When an encoded source is found in a sink, an encoding function in JavaScript will be printed to the console. This function lets you see how Eval Villain decoded the source, and lets you quickly encode your own payloads.
* Large text will receive its own closed console.group to improve readability.
Source code released under GNU General Public License v3.0 only
Version 2.2
Released 26 Jan 2021 - 41.24 kB
Works with firefox 59.0 and later
2 Major Changes
* EV will now recursively decode DOM XSS sources for URL, base64 and JSON encoding. Decoded values will then be used to search input to the hooked functions.
* Blacklists were previously applied to all input. I found this to be mostly useless. Now blacklists are applied to decoded input sources. So you can blacklist `/^true$/` and a URL parameter that is set to `true` won't cause all `eval` calls containing `true` to be marked as interesting.
Source code released under GNU General Public License v3.0 only
Version 2.1
Released 14 Jul 2020 - 41.25 kB
Works with firefox 59.0 and later
It is now safe to hook decodeURI, and decodeURIComponent. This can be helpful for finding where inputs are parsed.
Source code released under GNU General Public License v3.0 only
Version 2.0
Released 9 Mar 2020 - 41.22 kB
Works with firefox 59.0 and later
Refactoring should improve speed and performance.
Monitors sinks for window name
Source code released under GNU General Public License v3.0 only
Version 1.11
Released 22 Aug 2019 - 40.49 kB
Works with firefox 59.0 and later
Types: enable/disable types that you are interested in.
Source code released under GNU General Public License v3.0 only
Version 1.10
Released 6 Aug 2019 - 40.17 kB
Works with firefox 59.0 and later
Using `Reflect.apply` for proxying to reduce bugs. Thanks Mike Samuel!
Show argument types
Better handling of multiple arguments to a function.
Source code released under GNU General Public License v3.0 only
Version 1.9
Released 25 Jun 2019 - 40.01 kB
Works with firefox 59.0 and later
Features:
* Toggle Eval Villain with key commands
Bug fixes:
Functions are now hooked using `Proxy`. Eval Villain should break fewer pages. Reference: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
Source code released under GNU General Public License v3.0 only
Version 1.8
Released 13 Jun 2019 - 40.07 kB
Works with firefox 59.0 and later
URL Decode bug fix
Source code released under GNU General Public License v3.0 only
Version 1.7
Released 11 Jun 2019 - 40.01 kB
Works with firefox 59.0 and later
Fixed bug in query search
Source code released under GNU General Public License v3.0 only
Version 1.6
Released 11 Jun 2019 - 40.01 kB
Works with firefox 59.0 and later
Function hooks now handle multiple arguments
Hook `Function` if you want, likely to break webpages though
Bug fixes/improved query search
Source code released under GNU General Public License v3.0 only
Version 1.5
Released 2 Jan 2019 - 36.47 kB
Works with firefox 59.0 and later
Handles malformed URI encoding without breaking code flow.
Having console.log remapped by the page should no longer interfere with output.
Source code released under GNU General Public License v3.0 only
Version 1.4
Released 14 Aug 2018 - 36.4 kB
Works with firefox 59.0 and later, android 59.0 - 68.*
* fix URL decode logic bug
* No longer search for URL parameter names.
Source code released under GNU General Public License v3.0 only
Version 1.3
Released 10 Aug 2018 - 36.41 kB
Works with firefox 59.0 and later, android 59.0 - 68.*
* fixed a couple RegEx needle highlighting bugs
* fragment and query search now also check if the value has been URL decoded.
Source code released under GNU General Public License v3.0 only
Version 1.2
Released 7 Aug 2018 - 35.91 kB
Works with firefox 59.0 and later, android 59.0 - 68.*
This version just improves the UI some.
Source code released under GNU General Public License v3.0 only
Version 1.1
Released 2 Aug 2018 - 36.06 kB
Works with firefox 59.0 and later, android 59.0 - 68.*
Source code released under GNU General Public License v3.0 only
Version 1.0
Released 2 Aug 2018 - 36.07 kB
Works with firefox 59.0 and later, android 59.0 - 68.*
Source code released under GNU General Public License v3.0 only