Hi Ivan, Thank you for taking the time!
I would be interested in using this on my web application security assessments to help identify DOM based XSS. Thanks again, Ryan On Thu, Aug 29, 2013 at 5:16 PM, Ivan Alagenchev <alagenc...@gmail.com>wrote: > Hello Ryan, > > Thank you for showing interest. > > The build instructions are pretty much these here: > https://developer.mozilla.org/en-US/docs/SpiderMonkey/Build_Documentation > I use these configure commands: > https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/ivan_configure_script > The first line is for linux, the second for mac. > Here is my build setup: > https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/IvanBuildInstructions.txt > I realize that more people than just me can start looking at this, so I am > going to add step by step build instructions starting from a fresh checkout > today. I'll send you a link to the more detailed instructions when I'm done > with it. > > Thanks, > Ivan > > > > > On Thu, Aug 29, 2013 at 3:56 AM, Ryan Dewhurst <ryandewhu...@gmail.com>wrote: > >> Hi, >> >> Is there any step by step instructions on how to build and use this for >> those unfamiliar with Spider Monkey? >> >> Thank you, >> Ryan >> >> >> On Thu, Aug 29, 2013 at 4:43 AM, Ivan Alagenchev <alagenc...@gmail.com>wrote: >> >>> Hello Everyone, >>> >>> I am pleased to announce that I have finally brought my volunteer project >>> that adds string taint tracking to spider monkey to >>> functional equivalence with the community edition of the DOMinator >>> project >>> https://dominator.mindedsecurity.com/. >>> This was the original goal when we started. >>> >>> Mark Goodwin and I started this journey in December of last year and it >>> has >>> been a long and difficult process. >>> The goal of the project was to add taint support for JSString objects in >>> spider monkey. This can be used as the basis for a >>> dynamic analysis framework, which can be used to detect DOM XSS >>> vulnerabilities. >>> Here is the tracking bug for it: >>> https://bugzilla.mozilla.org/show_bug.cgi?id=811877. >>> This achievement allows us to focus on a new goal - namely to improve the >>> overall approach and performance of the framework, >>> so that it can become an integral part of spider monkey one day. Jim >>> Blandy >>> will assist us in this new endeavor. >>> >>> There is a lot of work left ahead of us, but if you want to look through >>> some of the code, you can do so at >>> https://github.com/alagenchev/spider_monkey. >>> >>> Thank you, >>> Ivan >>> _______________________________________________ >>> dev-security mailing list >>> dev-security@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-security >>> >> >> > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
