?
Settings
Sinks
Sources
Messages
Show/hide sinks
Show/hide sources
Messages configuration
Sinks callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Sink callback
Sources callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Source callback
Messages callback configuration
This is for advanced users only. Please ensure this is valid JavaScript.
Message callback
DOMInvader is on
Postmessage interception is off
Postmessage origin spoofing is off
Canary injection into intercepted messages is off
Filter messages with duplicate values is off
Generate automated messages is off
Message filtering by stack trace is off
Auto fire events are off
Redirection prevention is off
Add breakpoint before redirect is off
Techniques configuration
Prototype pollution configuration
Scan for gadgets is on
Amount of properties to scan per iframe
Slower more accurate
Faster less accurate
Auto scale amount of properties per frame is on
Scan nested properties is on
Query string injection is on
Hash injection is on
JSON injection is on
Verify onload is on
Remove CSP header is off
Remove X-Frame-Options header is off
Scan each technique in separate frame is off
Prototype pollution is off
Inject into sources configuration
Inject canary into all sources is off
Update canary
In order for changed settings to take effect, you must reload your browser.
Reload
Open devtools to use the extension. A DOM Invader tab has been added to devtools.
