DOMLogger++ version history - 5 versions
DOMLogger++ by Kévin (Mizu)
DOMLogger++ version history - 5 versions
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 1.0.7
Released Nov 14, 2024 - 652.96 KBWorks with firefox 58.0 and later### Added
- New hideThis configuration key to hide thisArg in devtools for function sinks (#29) (Thanks aristosMiliaressis).
- Improved leverage-innerHTML.json config to detect potential document DOM clobbering sinks.
- New Client-Side Prototype Pollution detection (cspp.json) configuration file.
- Devtools font size can now be configured from the settings.
### Updated
- The CSPT config has been improved to properly handle "fetch(new Request('/'))".
- Banned words have been updated in all configs.
- The thisArg notation in devtools has been improved to make it easier to read (#29) (Thanks aristosMiliaressis).
- JavaScript injection has been improved on Firefox (wasn't needed for Chromium) to limit the init race condition.
- The dupKey value is now computed in the DOM instead of the background script.
### Fixed
- Fixed a bug that made attribute hooking impossible without set/get.
- Fixed a bug that blocked hooking postMessage without typing window.postMessage (#25).
- Fixed a DOS loop issue in the onmessage handler that triggered a hooked sink.Source code released under MIT License
Download Firefox and get the extensionYou'll need Firefox to use this extensionOlder versions
Version 1.0.6
Released Aug 4, 2024 - 652.12 KBWorks with firefox 58.0 and later### Added
- New configuration files (postMessage & leverage-xss.json) are available in the configs folder (it will be improved soon).
- A new globals root key is associated with the domlogger.globals variable for execCode shortcut.
- A new onload root key is used to execute code after the extension loads.
- New matchTrace and !matchTrace directives have been added to the config root key, allowing filtering based on the sink's stack trace ([#13](https://github.com/kevin-mizu/domloggerpp/issues/13)) (Thanks [jonathann403](https://github.com/jonathann403)).
- Hooked functions and classes are now available in domlogger.func for execCode usage to avoid DoS due to recursive hook/usage.
- The domlogger.update.thisArg property can be used within the hookFunction directive to overwrite the thisArg value.
- A new full-screen mode has been added in DevTools ([#20](https://github.com/kevin-mizu/domloggerpp/pull/20)) (Thanks [xanhacks](https://github.com/xanhacks)).
- New tooltips have been added to the popup and DevTools icons ([#23](https://github.com/kevin-mizu/domloggerpp/pull/23)) (Thanks [xanhacks](https://github.com/xanhacks)).
### Updated
- The frames column now properly describes which frames the sink has been found in (e.g., top.frames[1].frames[0]).
- The RegExp.prototype.toJSON method has been overwritten to properly log the regex value instead of {}.
- Arguments passed in the exec: directive are no longer stringified, making their usage easier.
- The exec: and hookFunction directives now have 3 parameters: thisArg, args, and target.
- The CSPT config has been updated to work properly with the new updates.
### Fixed
- The DevTools tab should work better now; I'll aim to completely fix it in the next release.
- Fixed a bug that was blocking URLSearchParams.prototype.get from being hooked ([#15](https://github.com/kevin-mizu/domloggerpp/pull/15)) (Thanks [matanber](https://github.com/matanber)).
- Stopped using crypto.subtle, which isn't exposed over HTTP (making the extension unavailable in that case) ([#14](https://github.com/kevin-mizu/domloggerpp/issues/14)) (Thanks [FeelProud](https://github.com/FeelProud)).
- The "Add Current eTLD+1" button in the popup now properly handles public eTLDs (e.g., .co.uk) and IPs ([#17](https://github.com/kevin-mizu/domloggerpp/issues/17)) (Thanks [xnl-h4ck3r](https://github.com/xnl-h4ck3r)).
- Unicode characters in the config should no longer cause the extension to crash.
- The hookFunction directive should now be working properly.
- The extension should no longer crash if the config root key is absent.
- The UI for the "Remove Headers" settings has been fixed ([#19](https://github.com/kevin-mizu/domloggerpp/issues/19)) (Thanks [xanhacks](https://github.com/xanhacks)).Source code released under MIT License
Version 1.0.5
Released Jul 16, 2024 - 630.37 KBWorks with firefox 58.0 and later### Added
- A new (CSPT) config is available in the configs folder.
- New feature to remove response headers based on the JSON config.
- CTRL+S can now be used to save JSON configs (#4) (Thanks FeelProud).
- Config keys can now contain several targets using "|".
- Information about the current thisArg is now logged (#3) (Thanks aristosMiliaressis).
- The exec: regex directive now provides a target argument equal to the currently found sink.
- A new _comment root key is available within the configuration JSON (#6) (Thanks xnl-h4ck3r).
- New "current domain" and "current etld+1" buttons available in the popup (#8) (Thanks Aituglo)
- New pwnfox integration for Firefox (#8) (Thanks Aituglo)
### Updated
- The whole background script code has been segmented and optimized into several files.
- The usage of sendMessage has been replaced by storage.onChanged for cross-context data exchange.
- Devtools clearStorage & removeRow buttons now update all Devtools tabs.
### Fixed
- Devtools data highlighting is now working fine in "show more" (#5) (Thanks AetherBlack).
- Event directive now properly hooks HTMLElement events.
- allowedDomains regex now properly handles IP domains.
- The Devtools should now stop having sync issues that require reloading them.Source code released under MIT License
Version 1.0.4
Released May 17, 2024 - 624.93 KBWorks with firefox 48.0 and later### Added
- New configs available in the configs folder.
- New requiredHooks config option.
- New exec: match and !match directives -> generate your regex using JavaScript.
- It is now possible to fully configure the devtools table (hiding columns, reordering, etc.).
- New domlogger.clean() function to reset the current Canary debugger.
### Updated
- hookFunction now ensures that the provided code is valid.
- In case of attribute hooking, if neither get: nor set: is specified, both will be hooked.
- The goto function has been optimized and should always be working.
### Fixed
- Internally used functions are now safely utilized, avoiding any DOS issues.
- The devtools table is now perfectly responsive.Source code released under MIT License
Version 1.0.3
Released Oct 22, 2023 - 521.58 KBWorks with firefox 48.0 and later[FIX] HTML enconding bug in devtools.Source code released under MIT License