DOMLogger++ by Kévin (Mizu)
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
267 Users267 Users
You’ll need Firefox to use this extension
Extension Metadata
Screenshots
About this extension
Description:
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
Rated 5 by 3 reviewers
Permissions and dataLearn more
Required permissions:
- Extend developer tools to access your data in open tabs
- Display notifications to you
- Access browser tabs
- Access your data for all websites
More information
- Add-on Links
- Version
- 1.0.9
- Size
- 780.03 KB
- Last updated
- 11 days ago (Sep 3, 2025)
- Related Categories
- License
- MIT License
- Version History
- Add to collection
Release notes for 1.0.9
Added
Updated
Fixed
- Full Caido session handling has been added (this is going to be useful with a plugin that should be released in October 2025).
- It's now possible to supply the sink debug canary from the 'domloggerpp-canary' get parameter.
- The settings webhook tab has been improved to make it fully configurable.
- A new dompurify-bypass-replace.json config file is available, allowing tracking of DOMPurify sanitization to find replace misconfigurations.
- A new domloggerpp.utils has been added to create notifications from the DOM.
- The cspt.json config file has been updated to no longer log in devtools but only console.log + create a notification.
Updated
- The postmessages.json config file has been updated to add colored console.log inspired by postMessage-tracker.
- Stack trace parsing has been improved using '# sourceURL='.
- Internal finding attributes have been renamed: hook → type, type → tag.
- Date format has been updated to use 'toLocaleString'.
- Canaries are now encoded with base64 instead of using sha256 to improve performance.
- Stopped using a custom sha256 implementation on https websites to avoid performance issues on most websites.
- Internal data flow has been improved to always use actions.
Fixed
- Small issue in stringify breaking some conversions (#41) (Thanks @vitorfhc).
- New config creation had "removeHeaders" for no reason.
- The GreHack workshop has been fixed based on the recent update (i.e., custom hooking handling).
- Fixed a bug regarding custom hooking which was crashing in getTargets with null/undefined objects (#44) (Thanks @abdilahrf).
- The Chromium devtools 'desync' has been fixed. It should no longer be required to close / reopen devtools to update the data on Chromium.
- Fixed a bug which was blocking multiple custom attribute hookings on the same object.
- Forced default value on the datatable to ensure no errors are created in case of weird postMessages.
More extensions by Kévin (Mizu)
There are no ratings yet- There are no ratings yet
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet