JSXtract 作者: Device1
JSXtract is a security research tool used to pull various type of data from JS files that exist within a selected tab.
必須使用 Firefox 才能使用此擴充套件
擴充套件後設資料
關於此擴充套件
This tool is a great way to get an initial look on what may exist within the application. You can use the tool to get some basic data such as urls, endpoints and parameters or get a good initial look of sinks, postmessages and then go deeper from there etc.
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.
Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)
The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g
Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g
Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g
Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g
Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g
PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g
Github
https://github.com/Antp1k/jsxtract/
為您的體驗打分數
權限了解更多
此附加元件需要:
- 存取瀏覽器分頁
此附加元件可能也會要求:
- 存取您所有網站中的資料
更多資訊
- 版本
- 1.0
- 大小
- 10.96 KB
- 最近更新
- 1 個月前 (2025年5月4日)
- 相關分類
- 授權條款
- MIT License
- 版本紀錄
新增至收藏集
Device1 製作的更多擴充套件
目前沒有評分- 目前沒有評分
- 目前沒有評分
- 目前沒有評分
- 目前沒有評分
- 目前沒有評分