You are welcome. That sounds great. We don't have a UI that would make this easy to use for your purposes yet, but that's one of the things we plan to build on top of it. Feature requests are welcome too.
Ivan On Thu, Aug 29, 2013 at 11:20 AM, Ryan Dewhurst <[email protected]>wrote: > Hi Ivan, > > Thank you for taking the time! > > I would be interested in using this on my web application security > assessments to help identify DOM based XSS. > > Thanks again, > Ryan > > > On Thu, Aug 29, 2013 at 5:16 PM, Ivan Alagenchev <[email protected]>wrote: > >> Hello Ryan, >> >> Thank you for showing interest. >> >> The build instructions are pretty much these here: >> https://developer.mozilla.org/en-US/docs/SpiderMonkey/Build_Documentation >> I use these configure commands: >> https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/ivan_configure_script >> The first line is for linux, the second for mac. >> Here is my build setup: >> https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/IvanBuildInstructions.txt >> I realize that more people than just me can start looking at this, so I >> am going to add step by step build instructions starting from a fresh >> checkout today. I'll send you a link to the more detailed instructions when >> I'm done with it. >> >> Thanks, >> Ivan >> >> >> >> >> On Thu, Aug 29, 2013 at 3:56 AM, Ryan Dewhurst <[email protected]>wrote: >> >>> Hi, >>> >>> Is there any step by step instructions on how to build and use this for >>> those unfamiliar with Spider Monkey? >>> >>> Thank you, >>> Ryan >>> >>> >>> On Thu, Aug 29, 2013 at 4:43 AM, Ivan Alagenchev >>> <[email protected]>wrote: >>> >>>> Hello Everyone, >>>> >>>> I am pleased to announce that I have finally brought my volunteer >>>> project >>>> that adds string taint tracking to spider monkey to >>>> functional equivalence with the community edition of the DOMinator >>>> project >>>> https://dominator.mindedsecurity.com/. >>>> This was the original goal when we started. >>>> >>>> Mark Goodwin and I started this journey in December of last year and it >>>> has >>>> been a long and difficult process. >>>> The goal of the project was to add taint support for JSString objects in >>>> spider monkey. This can be used as the basis for a >>>> dynamic analysis framework, which can be used to detect DOM XSS >>>> vulnerabilities. >>>> Here is the tracking bug for it: >>>> https://bugzilla.mozilla.org/show_bug.cgi?id=811877. >>>> This achievement allows us to focus on a new goal - namely to improve >>>> the >>>> overall approach and performance of the framework, >>>> so that it can become an integral part of spider monkey one day. Jim >>>> Blandy >>>> will assist us in this new endeavor. >>>> >>>> There is a lot of work left ahead of us, but if you want to look through >>>> some of the code, you can do so at >>>> https://github.com/alagenchev/spider_monkey. >>>> >>>> Thank you, >>>> Ivan >>>> _______________________________________________ >>>> dev-security mailing list >>>> [email protected] >>>> https://lists.mozilla.org/listinfo/dev-security >>>> >>> >>> >> > _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
