nccgroup/tracy

Feature: Read through the DOM to point a user to location of payload trigger

gothinski opened this issue · 2 comments

For XSS payloads in events such as 'onClick', where a user would need to interact with an element to trigger a payload, we could read through the DOM where the payload was injected, and try to find a way to tell the user its location and means to trigger it.

For example: The request in Tracy could have a "Trigger" field which says something like "Click on dropdown" or "Click on link".

This might be tricky. When we spoke in person, I hadn't thought it through, but we trigger DOM events based on the MutationObserver APIs, which don't give us insight into the callstack. So we won't know, for example, that the DOM was modified due to a click or mouse movement. We'll only know that it changed. I was kind of thinking if we could get access to the callstack at the point where the event happens, we could do something like this, but I'm not sure. I'll noodle on it.

Not sure this would be possible currently.
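
An illustration of the idea in the issue description, added here and not part of the thread or of tracy's code: scan elements for inline `on*` attributes whose value contains a tracer string and turn each hit into a "Trigger" hint. The function names, the wording table, and the tracer value are assumptions; the sample input is constructed from plain objects shaped like DOM elements.

```javascript
// Hypothetical wording table; the keys are standard inline handler attribute names.
const ACTIONS = {
  onclick: "Click on", ondblclick: "Double-click on", onmouseover: "Hover over",
  onfocus: "Focus", onchange: "Change the value of", onsubmit: "Submit",
};
const KINDS = new Map([["a", "link"], ["select", "dropdown"], ["button", "button"], ["form", "form"]]);

// Short label so the user can locate the element on the page.
function label(el) {
  const tag = el.tagName.toLowerCase();
  const kind = KINDS.get(tag) || `<${tag}>`;
  const id = el.id ? `#${el.id}` : "";
  const text = (el.textContent || "").trim().slice(0, 30);
  return `${kind}${id}${text ? ` "${text}"` : ""}`;
}

// One hint per on* attribute of `el` whose value contains `tracer`.
function triggersFor(el, tracer) {
  return Array.from(el.attributes)
    .filter((a) => /^on/i.test(a.name) && a.value.includes(tracer))
    .map((a) => {
      const ev = a.name.toLowerCase();
      const action = ACTIONS[ev] || `Fire "${ev.slice(2)}" on`;
      return { event: ev.slice(2), hint: `${action} ${label(el)}` };
    });
}

// Walk every element under `root` (a Document or Element in a browser).
function findTriggers(root, tracer) {
  return Array.from(root.querySelectorAll("*")).flatMap((el) => triggersFor(el, tracer));
}

// Constructed sample standing in for a page where the tracer landed.
const TRACER = "zzTRACERzz"; // placeholder tracer string (assumption)
const sampleRoot = {
  querySelectorAll: () => [
    { tagName: "A", id: "", textContent: " Profile ",
      attributes: [{ name: "href", value: "/u?n=" + TRACER },
                   { name: "onclick", value: "go('" + TRACER + "')" }] },
    { tagName: "SELECT", id: "lang", textContent: "",
      attributes: [{ name: "onchange", value: "set('" + TRACER + "')" }] },
    { tagName: "DIV", id: "", textContent: "hi", attributes: [{ name: "class", value: "x" }] },
  ],
};
```

This only sees handlers written as attributes; listeners attached with `addEventListener` leave nothing in the markup to read.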