postMessage-tracker-f

Monitors postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon. All credit goes to Frans Rosén.

Download

Add-on stats

By: Hacks and Hops

View on Firefox Browser Add-ons

Users: 109 ▲ 2

Rating: 5.00 (1)

Version: 1.1.2 (Last updated: 2024-01-24)

Creation date: 2024-01-18

Weekly download count: 7

Firefox on Android: No

Risk impact: High risk impact

Risk likelihood: Moderate risk likelihood

Manifest version: 2

Permissions:

tabs
storage
<all_urls>

Size: 31.48K

URLs: Website

Ranking

# 9438 ▲ 20

Other rankings

#10 in message keyword 17

#15 in messages keyword 11

#18 in usage keyword 14 ▼ 1

#18 in usage tracker keyword 23

#22 in post keyword 22

Upgrade to see more rankings

Other platforms

Not available on Chrome

Not available on Edge

Want to check extension ranking and stats more quickly for other Firefox add-ons? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Firefox Browser Add-ons.

Add-on summary

Analyze keywords

postMessage-tracker-firefox

This is a super simple port of the extension with added potentially vulnerable function highlighting. All credit goes to Frans Rosén.

Code This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/postMessage-tracker-firefox/tree/master Please report your bugs or feature requests in a GitHub issue instead of in a review.

Description Made by Frans Rosén. Presented during the "Attacking modern web technologies"-talk(Slides) at OWASP AppSec Europe back in 2018, but finally released in May 2020.

This Firefox extension monitors postMessage-listeners by showing you an indicator about the amount of listeners in the current window.

It supports tracking listeners in all subframes of the window. It also keeps track of short-lived listeners and listeners enabled upon interactions. You can also log the listener functions and locations to look them through them at a later stage by using the Log URL-option in the extension. This enables you to find hidden listeners that are only enabled for a short time inside an iframe.

Add-on safety

Risk impact

postMessage-tracker-f requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

postMessage-tracker-f is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Upgrade to see risk analysis details