@skeptic_fx

Ahamed Nafeez



Modules Created

jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. Properties of LocalStorage Knockout JS libraries vulnerable to data-bind injection testing no-op Element Node Setters Number Properties exposed by the Window Object? Direct references to Window objects Can Do Not Track be bypassed using XHR ? Location unforgeable - Test Harness List of constructors that refer to window w/o parenthesis Does Iframe sandbox execute script inside child iframe? Attribute Separators Can Cookie Setter be Hooked? SecurityPolicyViolationEvent Location hash (aka. fragment) spills into data URI content TestHarness: Allowed Request Headers by XHR jQuery UI .dialog() closeText property DOM XSS Sink. Configurability of Location Properties AngularJS Sandbox Bypasses HTTP Methods Supported by XHR List of properties that doesn't need parenthesis Getters & Setters for Element.prototype TestHarness: Using Assertions in DomStorm Valid attribute separators Document Setters Check document.domain Run domato fuzzer 1000000 times

Other Favorite Modules

Hooking Storage Objects - By @ jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. - By @skeptic_fx Properties of LocalStorage - By @skeptic_fx Knockout JS libraries vulnerable to data-bind injection - By @skeptic_fx jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') - By @ Element Node Setters - By @skeptic_fx Number Properties exposed by the Window Object? - By @skeptic_fx Direct references to Window objects - By @skeptic_fx Can Do Not Track be bypassed using XHR ? - By @skeptic_fx TestHarness: XMLHttpRequest: setRequestHeader() name argument checks - By @ashishc9211 List of constructors that refer to window w/o parenthesis - By @skeptic_fx Does Iframe sandbox execute script inside child iframe? - By @skeptic_fx XSS vectors without user interaction - By @Psych0tr1a Attribute Separators - By @skeptic_fx Allowed Request Headers by XHR - By @ Check document.domain - By @ Location hash (aka. fragment) spills into data URI content - By @skeptic_fx jQuery UI .dialog() closeText property DOM XSS Sink. - By @skeptic_fx Configurability of Location Properties - By @skeptic_fx Can Navigator.UserAgent Be Spoofed? - By @ jQuery-UI XSS via .dialog() method - By @Psych0tr1a jQuery Selectors Vulnerable to XSS - By @mihirgokani007 AngularJS Sandbox Bypasses - By @skeptic_fx HTTP Methods Supported by XHR - By @skeptic_fx List of properties that doesn't need parenthesis - By @skeptic_fx Getters & Setters for Element.prototype - By @skeptic_fx jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector] - By @Psych0tr1a TestHarness: Using Assertions in DomStorm - By @skeptic_fx Run domato fuzzer 1000000 times - By @skeptic_fx