Skip to content

nccgroup/tracy

BranchesTags

Repository files navigation

Tracy

A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

tracy is a browser extension that records all user input to a web application and monitors any time those inputs are output, for example in a DOM write, server response, or call to eval.

For guides and reference materials about tracy, see the documentation.

Installation

Tracy is now only a browser extension! No more binaries, just download it from the Chrome or Firefox store.

And that's it! As long as tracy is installed in your browser, you are ready to find XSS. There is no longer any requirements to configure a proxy or certificates.

About

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/tracy-because-tracing-user-input-through-javascript-is-for-tools/

Topics

chrome-extension firefox security chrome firefox-addon xss browser-extension xss-detection security-tools

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

553 stars

Watchers

25 watching

Forks

68 forks
Report repository

Releases 13

Major version bump Latest
May 6, 2020
+ 12 releases

Packages

No packages published

Contributors 9

Languages