postMessage-tracker-f

Monitors postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon. All credit goes to Frans Rosén.

postMessage-tracker-f

Add-on stats

Users: 113
-1
Rating: 5.00
(1)
Version: 1.1.2 (Last updated: 2024-01-24)
Creation date: 2024-01-18
Weekly download count: 13
Firefox on Android: No
Risk impact: High risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • tabs
  • storage
  • <all_urls>
Size: 31.48K
URLs: Website

Other platforms

Not available on Chrome
Not available on Android
Not available on Edge
Want to check extension ranking and stats more quickly for other Firefox add-ons? Install Chrome-Stats extension to view Firefox-Stats data as you browse the Firefox Browser Add-ons.

Add-on summary

postMessage-tracker-firefox

This is a super simple port of the extension with added potentially vulnerable function highlighting. All credit goes to Frans Rosén.

Code This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/postMessage-tracker-firefox/tree/master Please report your bugs or feature requests in a GitHub issue instead of in a review.

Description Made by Frans Rosén. Presented during the "Attacking modern web technologies"-talk(Slides) at OWASP AppSec Europe back in 2018, but finally released in May 2020.

This Firefox extension monitors postMessage-listeners by showing you an indicator about the amount of listeners in the current window.

It supports tracking listeners in all subframes of the window. It also keeps track of short-lived listeners and listeners enabled upon interactions. You can also log the listener functions and locations to look them through them at a later stage by using the Log URL-option in the extension. This enables you to find hidden listeners that are only enabled for a short time inside an iframe.

See more

Add-on safety

Risk impact

postMessage-tracker-f requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

postMessage-tracker-f is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Upgrade to see risk analysis details