Sink Hooker av ayadim

"Sink Hooker" is a browser extension designed for security researchers, penetration testers, and developers to identify potential security vulnerabilities in web applications.

It hooks into common JavaScript "sinks" - functions and properties that can execute or render untrusted data - and logs them to the browser console, including:

• DOM manipulation (innerHTML, outerHTML, document.write)
• JavaScript execution (eval, Function, setTimeout, setInterval)
• jQuery operations (html, append, after, etc.)
• Attribute modifications (href, src, formAction)
• Cookie access and location changes
• Header referrer as source given to a sink
• Session Storage as source data of a sink
• Local Storage as source data of a sink

Perfect for:
- Finding XSS (Cross-Site Scripting) vulnerabilities
- Auditing third-party JavaScript libraries
- Debugging complex web applications
- Understanding how data flows through a website

All monitoring happens locally in your browser - no data is collected or transmitted.