?
Settings
Version: 2.0.7
Main settings
Sinks
Custom Sinks
Sources
Messages
Show/hide sinks
Custom sinks
Show/hide sources
Messages configuration
Sinks callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Sink callback
Add custom sink
Object to instrument:
Sink name:
Look for canary?
Sources callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Source callback
Messages callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Message callback
DOMInvader is on
Postmessage interception is off
Postmessage origin spoofing is off
Canary injection into intercepted messages is off
Filter messages with duplicate values is off
Generate automated messages is off
Detect cross domain leaks is off
Attack types
DOM clobbering is off
Warning: Site functionality is likely to break
Techniques configuration
Prototype pollution configuration
Scan for gadgets is on
Amount of properties to scan per iframe
Slower more accurate
Faster less accurate
Auto scale amount of properties per frame is on
Scan nested properties is on
Query string injection is on
Hash injection is on
JSON injection is on
Verify onload is on
Remove CSP header is off
Remove X-Frame-Options header is off
Scan each technique in separate frame is off
Prototype pollution is off
Misc
Message filtering by stack trace is off
Auto fire events are off
Redirection prevention is off
Add breakpoint before redirect is off
Inject into sources configuration
Inject into:
All parameters
The following parameters only
Inject canary into all sources is off
Remove permissions policy header is off
Randomize
Copy
Update canary
In order for changed settings to take effect, you must reload your browser.
Reload
Open devtools to use the extension. A DOM Invader tab has been added to devtools.
