Sunday, November 13, 2011

Domsnitch - passive reconnaissance tool inside DOM




DOM Snitch is an experimental Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code. 


Its developers have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML (among others). Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues.
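The kind of interception described above can be sketched as follows. This is an added example, not DOM Snitch's own code: FakeElement, fakeDocument, the app.example URL and the two heuristics in flags() are constructed assumptions so that it runs in Node without a browser.

```javascript
'use strict';
const records = [];

// Hypothetical heuristics (assumed for this example, not DOM Snitch's rules).
function flags(url, data) {
  const out = [];
  if (/<\s*script\b|\bon\w+\s*=/i.test(data)) out.push('script-capable markup');
  if (url.startsWith('https:') && /\b(?:src|href)\s*=\s*["']?http:/i.test(data)) {
    out.push('mixed content');
  }
  return out;
}

// Store the sink name, document URL, written data and the caller's stack.
function record(sink, url, data) {
  // slice(2) drops the "Error" header line and this function's own frame.
  const stack = new Error().stack.split('\n').slice(2).map((l) => l.trim());
  records.push({ sink, url, data: String(data), flags: flags(url, String(data)), stack });
}

// Wrap a method sink such as document.write.
function hookMethod(obj, name, getUrl) {
  const original = obj[name];
  obj[name] = function (...args) {
    record(name, getUrl(), args.join(''));
    return original.apply(this, args);
  };
}

// Wrap an accessor sink such as innerHTML, which lives on a prototype.
function hookSetter(proto, name, getUrl) {
  const desc = Object.getOwnPropertyDescriptor(proto, name);
  Object.defineProperty(proto, name, {
    ...desc,
    set(value) {
      record(name, getUrl(), value);
      desc.set.call(this, value);
    },
  });
}

// Constructed stand-ins so the example runs without a browser.
class FakeElement {
  #html = '';
  get innerHTML() { return this.#html; }
  set innerHTML(v) { this.#html = String(v); }
}
const fakeDocument = { URL: 'https://app.example/profile', out: [], write(s) { this.out.push(s); } };
hookMethod(fakeDocument, 'write', () => fakeDocument.URL);
hookSetter(FakeElement.prototype, 'innerHTML', () => fakeDocument.URL);
```

Both hooks pass the write through to the original sink, so the application keeps working while each write is appended to records together with the stack of the code that made it.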


Key features:



  • Real-time: Developers and testers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.
  • Easy to use: With built-in security heuristics and nested view, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.
  • Easier collaboration: Enables developers and testers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.



Download Here
https://code.google.com/p/domsnitch/downloads/list
