View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004910||Kali Linux||[All Projects] New Tool Requests||public||2018-08-18 13:15||2020-01-13 13:33|
|Priority||normal||Severity||feature||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Description||## gotmilk questions|
- [Name] - Eval Villain
- [Version] - Latest available on AMO, 1.4 at this time.
- [Homepage] - https://github.com/swoops/eval_villain
- [Download] - From AMO: https://addons.mozilla.org/en-US/firefox/addon/eval-villain/
- [Author] - I am the author.
- [Licence] - GPLv3. If this is a problem let me know.
- [Description] -
Eval Villian is, in short, an easily configurable LD_PRELOAD for
Eval Villian is a web extension for Firefox that hooks user specified
functions (or setters) before page load. Hooked functions then log
information to the console.
Eval Villain's main purpose is to find DOM XSS. So most of it's features
are centered around highlighting interesting calls and throwing away what
is worthless. So regex white/black lists, domain filters, ect.
- [Dependencies] -
Firefox >= 59:
This appears like it might be a problem. On my Kali box:
> firefox-esr --version
Mozilla Firefox 52.9.0
Regretfully, in order to win the race with inline scripts and allow user
configuration I use `contentScripts.register` which requires Firefox 59.
If I can do something to help alleviate this burden let me know.
- [Similar tools] -
I have not seen any other plugin with this purpose. Previously I used
- [How to install] -
* Visit the AMO page:
* click "add to Firefox"
- [How to use] -
Click the icon in the tool bar and enable it via the toggle. Then visit a
web page with the console open. Use the site and keep an eye on the console.
## questions from Docs.kali.org/policy/penetration-testing-tools-policy
* Is the tool useful/functional in a Penetration Testing environment?
Yes, it makes finding DOM XSS very easy.
* Does the tool overlap functionality of other existing tools?
I don't think so. See "[Similar tools]" above.
* Does the licensing of the tool allow for free redistribution?
* How much resources does the tool require? Will it work in a “standard” environment?
The tool is very light, has no external dependencies. It could be used in a
restrictive internal pentest.
|2018-08-18 13:15||srccsebt||New Issue|
|2018-08-18 13:15||srccsebt||Issue generated from: 0004895|
|2019-12-09 13:30||g0tmi1k||Severity||minor => feature|
|2019-12-09 13:30||g0tmi1k||Status||acknowledged => new|
|2020-01-06 13:01||g0tmi1k||Product Version||2018.2 =>|
|2020-01-06 13:25||g0tmi1k||Relationship added||has duplicate 0004895|
|2020-01-13 13:33||g0tmi1k||Status||new => closed|
|2020-01-13 13:33||g0tmi1k||Resolution||open => won't fix|
|2020-01-13 13:33||g0tmi1k||Note Added: 0011889|