/PostMessage_Fuzz_Tool

#BugBounty #BugBounty Tools #WebDeveloper Tool

Primary Language: JavaScript

PostMessage_Fuzz_Tool Chrome app & Extension

Installation

  1. Install Tampermonkey
  2. Install the Tampermonkey script "postmessage-hook.js"

Enable "Developer Mode" by clicking the toggle button on the right side.

  1. Then open chrome://extensions, drag "PostMessageMainTool.crx" onto the screen, and click add.
  2. Then click the "Load unpacked" button and select the folder "PostMessage_ui_extension-kiran"; this adds the PostmessageUI extension to the screen.

How to get started.

  1. Click the Tampermonkey icon and click the PostMessage script toggle button (to enable it).
  2. Go to chrome://apps, click the PostMessage Tool icon, click the start button, and minimize it.
  3. Then click "postmesage ui", i.e. the "P" icon on your Chrome toolbar, which is our UI tool for postMessage, and click "logger".

This opens the logger tool popup. Now we are ready to start capturing the message handlers and fuzzing.

Simply refresh the browser tab "www.youtube.com"; after it has fully loaded, click "Dump Handlers" to dump the messages.

Once all handlers have loaded, we can check them by clicking the "replay" button.
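For reviewing handlers on a page you own, the sketch below shows the general idea behind dumping message handlers: record every "message" listener as it is registered, flag the ones whose source never looks at the event origin, then deliver a constructed message to confirm the behaviour. This is an added example, not the code of postmessage-hook.js or of this tool; `recordMessageHandlers`, `auditHandlers`, `deliver` and the example.* origins are hypothetical names chosen for illustration.

```javascript
// Added example (not from the tool). All names and origins here are hypothetical.
// Wrap addEventListener so every "message" listener is recorded when registered.
function recordMessageHandlers(proto) {
  const seen = [];
  const original = proto.addEventListener;
  proto.addEventListener = function (type, listener, options) {
    if (type === 'message' && listener) {
      const fn = typeof listener === 'function' ? listener : listener.handleEvent;
      seen.push({ target: this, source: String(fn) });
    }
    return original.call(this, type, listener, options);
  };
  return { seen, restore() { proto.addEventListener = original; } };
}

// Heuristic triage only: a handler that never reads `.origin` cannot be
// validating the sender, so it goes to the top of the manual review list.
function auditHandlers(seen) {
  return seen.map((h, index) => ({
    index,
    checksOrigin: /\.origin\b/.test(h.source),
    source: h.source,
  }));
}

// Deliver a constructed message event to a target (stand-in for a replay).
function deliver(target, data, origin) {
  const e = new Event('message');
  e.data = data;     // constructed payload
  e.origin = origin; // constructed sender origin
  target.dispatchEvent(e);
}

// Constructed sample page: one handler without an origin check, one with.
const hook = recordMessageHandlers(EventTarget.prototype);
const fakeWindow = new EventTarget(); // stands in for `window`
const applied = [];
fakeWindow.addEventListener('message', function weak(e) { applied.push(e.data); });
fakeWindow.addEventListener('message', function strict(e) {
  if (e.origin !== 'https://app.example') return; // exact-match allowlist
  applied.push('trusted:' + e.data);
});
fakeWindow.addEventListener('click', () => {}); // ignored: not a message listener
hook.restore();

const report = auditHandlers(hook.seen);
deliver(fakeWindow, 'ping', 'https://other.example');
console.log(report.map(r => `${r.index}: checksOrigin=${r.checksOrigin}`), applied);
```

A `checksOrigin` of true only means the source mentions `.origin`; the comparison itself still needs a manual read.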

Using: https://youtu.be/2CLWyj9uFEg

Credits to Appcheck ng for the POC tool.