postMessage-tracker-f
Monitors postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon. All credit goes to Frans Rosén.
Stats
Chrome-Stats Rank
Other platforms
Summary
postMessage-tracker-firefox
This is a super simple port of the extension with added potentially vulnerable function highlighting. All credit goes to Frans Rosén.
Code This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/postMessage-tracker-firefox/tree/master Please report your bugs or feature requests in a GitHub issue instead of in a review.
Description Made by Frans Rosén. Presented during the "Attacking modern web technologies"-talk(Slides) at OWASP AppSec Europe back in 2018, but finally released in May 2020.
This Firefox extension monitors postMessage-listeners by showing you an indicator about the amount of listeners in the current window.
It supports tracking listeners in all subframes of the window. It also keeps track of short-lived listeners and listeners enabled upon interactions. You can also log the listener functions and locations to look them through them at a later stage by using the Log URL-option in the extension. This enables you to find hidden listeners that are only enabled for a short time inside an iframe.
Safety
Risk impact
postMessage-tracker-f is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install postMessage-tracker-f if you trust the publisher.
Risk likelihood
postMessage-tracker-f is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.