DOMLogger++ door Kévin (Mizu)
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
267 gebruikers267 gebruikers
U hebt Firefox nodig om deze extensie te gebruiken
Metagegevens van extensie
Schermafbeeldingen
Over deze extensie
Description:
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs.
This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.
Features:
- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated Devtools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
Met 5 gewaardeerd door 3 beoordelaars
Toestemmingen en gegevensMeer info
Vereiste machtigingen:
- Ontwikkelaarshulpmiddelen uitbreiden om uw gegevens in open tabbladen te benaderen
- Notificaties weergeven
- Browsertabbladen benaderen
- Uw gegevens voor alle websites benaderen
Meer informatie
- Add-on-koppelingen
- Versie
- 1.0.9
- Grootte
- 780,03 KB
- Laatst bijgewerkt
- 10 dagen geleden (3 sep. 2025)
- Verwante categorieën
- Licentie
- MIT-licentie
- Versiegeschiedenis
- Toevoegen aan collectie
Uitgaveopmerkingen voor 1.0.9
Added
Updated
Fixed
- Full Caido session handling has been added (this is going to be useful with a plugin that should be released in October 2025).
- It's now possible to supply the sink debug canary from the 'domloggerpp-canary' get parameter.
- The settings webhook tab has been improved to make it fully configurable.
- A new dompurify-bypass-replace.json config file is available, allowing tracking of DOMPurify sanitization to find replace misconfigurations.
- A new domloggerpp.utils has been added to create notifications from the DOM.
- The cspt.json config file has been updated to no longer log in devtools but only console.log + create a notification.
Updated
- The postmessages.json config file has been updated to add colored console.log inspired by postMessage-tracker.
- Stack trace parsing has been improved using '# sourceURL='.
- Internal finding attributes have been renamed: hook → type, type → tag.
- Date format has been updated to use 'toLocaleString'.
- Canaries are now encoded with base64 instead of using sha256 to improve performance.
- Stopped using a custom sha256 implementation on https websites to avoid performance issues on most websites.
- Internal data flow has been improved to always use actions.
Fixed
- Small issue in stringify breaking some conversions (#41) (Thanks @vitorfhc).
- New config creation had "removeHeaders" for no reason.
- The GreHack workshop has been fixed based on the recent update (i.e., custom hooking handling).
- Fixed a bug regarding custom hooking which was crashing in getTargets with null/undefined objects (#44) (Thanks @abdilahrf).
- The Chromium devtools 'desync' has been fixed. It should no longer be required to close / reopen devtools to update the data on Chromium.
- Fixed a bug which was blocking multiple custom attribute hookings on the same object.
- Forced default value on the datatable to ensure no errors are created in case of weird postMessages.
Meer extensies van Kévin (Mizu)
Er zijn nog geen waarderingen- Er zijn nog geen waarderingen
- Er zijn nog geen waarderingen
- Er zijn nog geen waarderingen
- Er zijn nog geen waarderingen
- Er zijn nog geen waarderingen