niftycent.com
NiftyCent
US
Login
Marketplace
Discounts

Show HN: Browser-based XSS scanner

This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.

This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.

Comments URL: https://news.ycombinator.com/item?id=41251312

Points: 11

# Comments: 0

https://github.com/dshieble/playwright_xss_scanner

Created 11mo | Aug 15, 2024, 5:20:08 AM


Login to add comment

Other posts in this group

Why English doesn't use accents
Why English doesn't use accents

Article URL: https://www.deadlanguagesociety.com/p/why-english-doesnt-use-accents

Comments URL:

Jul 7, 2025, 12:20:10 AM | Hacker news
LLMs should not replace therapists
LLMs should not replace therapists

Article URL: https://arxiv.org/abs/2504.18412

Comments URL: https://news.ycombinator.c

Jul 7, 2025, 12:20:10 AM | Hacker news
Building the Rust Compiler with GCC
Building the Rust Compiler with GCC

Article URL: https://fractalfir.github.io/generated_html/cg_gcc_bootstrap.html

Comments URL:

Jul 7, 2025, 12:20:09 AM | Hacker news
Nobody has a personality anymore: we are products with labels
Nobody has a personality anymore: we are products with labels

Article URL: https://www.freyaindia.co.uk/p/nobody-has-a-personality-anymore

Comments URL:

Jul 7, 2025, 12:20:09 AM | Hacker news
A non-anthropomorphized view of LLMs
A non-anthropomorphized view of LLMs

Article URL: http://addxorrol.blogspot.com/2025/07/a-non-anthropomorphized-view-of-llms.html

Co

Jul 7, 2025, 12:20:08 AM | Hacker news
Intel's Lion Cove P-Core and Gaming Workloads
Intel's Lion Cove P-Core and Gaming Workloads

Article URL: https://chipsandcheese.com/p/intels-lion-cove-p-core-and-gaming

Comments URL:

Jul 7, 2025, 12:20:07 AM | Hacker news
The Broken Microsoft Pact: Layoffs and Performance Management
The Broken Microsoft Pact: Layoffs and Performance Management

Article URL: https://danielsada.tech/blog/microsoft-pact/

Comments URL: ht

Jul 7, 2025, 12:20:07 AM | Hacker news
Techie
Techie