XSS Rays is a complete XSS reversing/scanner tool. It helps you to find how a site is filtering code, and allows you to check for injections and inspect objects. It is a security tool to help pen test large web sites. It’s core features include a XSS scanner, XSS Reverser and object inspection. If you want to know how a certain page filters output and don’t have its source code, XSS Rays will perform a blackbox reverse of the XSS filter without needing the source code!

You can also extract/view and edit forms non-destructively that normally can’t be edited. For example if you want to modify the value of a checkbox without changing it’s type XSS Rays can link to the object and allow you to change the value without altering the original object.

Using the object inspector you can browse through the window object and edit the contents of the functions in real time allowing you to dissect a web page and understand more how it works. This also works with globally defined functions, you can see which functions the developer has decided to place within the window object. All these add a lot of punch for this cross site scripting Google Chrome extension!

Features of XSS Rays:

Seems like people are finally starting to think of Google Chrome as a tool to assist them in penetration tests, etc. We are hoping to see many more extensions like we now have on Mozilla Firefox!

Download XSS Rays v1.0 here