DOMinator: A Firefox Based DOMXss Identifier and Analyzer!

So, DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to identify DOMXss. It uses a dynamic runtime tainting model on strings and can trace back taint propagation operations in order to understand whether a DOMXss vulnerability is actually exploitable. It is capable of doing all this because SpiderMonkey and the Firefox code were modified and recompiled to produce DOMinator. Though there is a DOMinator Firefox extension, it is just the GUI to the actual underlying code. Typically, the DOMinator workflow can be divided into two main modules:
  • Firefox DOMinator: The implementation of taint propagation, made by modifying the JavaScript interpreter SpiderMonkey and some parts of the DOM objects implemented in the Firefox kernel. It is implemented in C/C++, modifying strategic spots in SpiderMonkey and Firefox in order to create a String Taint Propagation model that is exposed in HTML pages via the JavaScript DOM.
  • DOMinator Extension: This is a Firefox and Firebug extension that performs log analysis, identifies criticalities and visualizes them by exploitability categories. It is written in JavaScript and deploys several modules for DOM JavaScript injection of custom code, logging, analysis and exploitability level identification.
As of now, DOMinator can help in identifying reflected DOM Based XSS, but it could be extended to stored DOMXss analysis too! You can even customize it by adding taint propagation to particular strings that you choose. You can add new sources and new sinks whenever you want and let DOMinator warn you when some particular operation is performed. It supports Windows and Linux operating systems. Support for Mac OS X will be added soon!
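To make the source, propagation and sink model described above concrete, here is a toy taint tracker in plain JavaScript. It is an example added here, not DOMinator's code (DOMinator does this inside SpiderMonkey in C/C++); the names `TaintedString`, `checkSink` and `FILTER_OPS`, the severity labels and the sample hash value are all assumptions made for illustration.

```javascript
// Toy model of string taint tracking (illustration only, not DOMinator code).
class TaintedString {
  constructor(value, tainted, history) {
    this.value = value;       // the underlying string
    this.tainted = tainted;   // true if any input came from a source
    this.history = history;   // ordered operations that produced this value
  }
  static fromSource(name, value) {
    return new TaintedString(value, true, [{ op: 'source', name }]);
  }
  static literal(value) {
    return new TaintedString(value, false, []);
  }
  // Apply a string operation; the taint flag and history follow the data.
  derive(op, fn, ...others) {
    const args = others.map(o => (o instanceof TaintedString ? o : TaintedString.literal(String(o))));
    return new TaintedString(
      fn(this.value, ...args.map(a => a.value)),
      this.tainted || args.some(a => a.tainted),
      [...this.history, ...args.flatMap(a => a.history), { op }]
    );
  }
  concat(other) { return this.derive('concat', (a, b) => a + b, other); }
  substring(start, end) { return this.derive('substring', a => a.substring(start, end)); }
  encode() { return this.derive('encodeURIComponent', a => encodeURIComponent(a)); }
}

// Assumption: operations treated as filters lower the priority; they do not clear taint.
const FILTER_OPS = new Set(['encodeURIComponent']);

// Sink hook: returns a report when tainted data arrives, null otherwise.
function checkSink(sinkName, s) {
  if (!(s instanceof TaintedString) || !s.tainted) return null;
  const trace = s.history.map(h => h.op);
  return {
    sink: sinkName,
    sources: s.history.filter(h => h.op === 'source').map(h => h.name),
    trace, // the propagation chain, traced back to the source
    severity: trace.some(op => FILTER_OPS.has(op)) ? 'review' : 'high',
  };
}

// Constructed sample input standing in for location.hash.
function demo() {
  const hash = TaintedString.fromSource('location.hash', '#name=Alice');
  const raw = TaintedString.literal('<p>Hello ').concat(hash.substring(1));
  const enc = TaintedString.literal('<p>Hello ').concat(hash.substring(1).encode());
  return [checkSink('innerHTML', raw), checkSink('innerHTML', enc),
          checkSink('innerHTML', TaintedString.literal('<p>static</p>'))];
}
```

The recorded trace is what lets an analyst decide whether a flagged flow is exploitable: the same source reaching the same sink is rated differently once an encoding step appears in the chain.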