nccgroup/tracy

GEN-PLAIN and GEN-XSS not inserting into input fields

for-indy opened this issue · 1 comments

Using version 0.6, when I click on the owl and select GEN-PLAIN or GEN-XSS, nothing happens in the browser, but I see a new payload pop up each time in the Tracy web UI. The zz payloads will insert into the input but not the GEN.

I see no errors in the terminal Tracy is running in when I try these inputs, but in the JavaScript console in the web tools in Chrome I see `SyntaxError: Unexpected end of JSON input`, then below that `Cross-Origin Read Blocking (CORB) blocked cross-origin response http://localhost:7777/api/tracy/tracers/generate?tracer_string=GEN-XSS&url=https://www.w3schools.com/html/html_forms.asp with MIME type text/plain. See https://www.chromestatus.com/feature/5629709824032768 for more details.`

Per our discussion in person, I believe this is due to Chrome's new stance on CORS requests from within a content script. More info is here:

https://www.chromium.org/Home/chromium-security/extension-content-script-fetches

We need to move the fetch requests out of the content script and into the background page.
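A sketch of the change proposed above, as an added example that is not part of the thread and is not Tracy's code: the content script sends a typed message, and the background page builds the API URL itself from a fixed origin and an allowlist rather than fetching a URL supplied by the content script. The message type `generate-tracer` and all function names are assumptions; the API host and path are taken from the CORB message in the issue.

```javascript
// Added example; message type and function names are assumptions, not Tracy's code.
const TRACY_API = "http://localhost:7777/api/tracy"; // host and path as shown in the issue's CORB message
const ALLOWED_TRACERS = new Set(["GEN-PLAIN", "GEN-XSS"]);

// Background page: build the request URL from a fixed origin and validated
// fields. Returns null for anything the background page should refuse.
function buildGenerateUrl(msg, sender) {
  if (!msg || msg.type !== "generate-tracer") return null;
  if (!ALLOWED_TRACERS.has(msg.tracerString)) return null;
  // Take the page URL from the browser-supplied sender, not from the message.
  const pageUrl = sender && sender.tab && sender.tab.url;
  if (!pageUrl) return null;
  const u = new URL(TRACY_API + "/tracers/generate");
  u.searchParams.set("tracer_string", msg.tracerString);
  u.searchParams.set("url", pageUrl);
  return u.toString();
}

// Background page: perform the fetch and hand back only the parsed result.
async function handleMessage(msg, sender, fetchImpl = globalThis.fetch) {
  const url = buildGenerateUrl(msg, sender);
  if (url === null) return { ok: false, error: "rejected" };
  try {
    const res = await fetchImpl(url);
    if (!res.ok) return { ok: false, error: "HTTP " + res.status };
    return { ok: true, tracer: await res.json() };
  } catch (err) {
    return { ok: false, error: String(err) };
  }
}

// Background page wiring. Returning true keeps sendResponse valid after the
// listener returns, which the asynchronous fetch requires.
function registerBackground(chromeApi, fetchImpl) {
  chromeApi.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    handleMessage(msg, sender, fetchImpl).then(sendResponse);
    return true;
  });
}

// Content script: ask the background page instead of calling fetch directly.
function requestTracer(chromeApi, tracerString) {
  return new Promise((resolve) => {
    chromeApi.runtime.sendMessage({ type: "generate-tracer", tracerString }, resolve);
  });
}
```

In the extension, `registerBackground(chrome)` would run in the background page and `requestTracer(chrome, "GEN-XSS")` in the content script; the `chromeApi` parameter exists only so the functions can be exercised outside a browser.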