Need help with tracy?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

nccgroup
465 Stars 60 Forks MIT License 740 Commits 4 Opened issues

Description

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Services available

!
?

Need anything else?

Contributors list

Tracy

A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

tracy
should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs.
tracy
can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

tracy
is a browser extension that records all user input to a web application and monitors any time those inputs are output, for example in a DOM write, server response, or call to
eval
.

For guides and reference materials about

tracy
, see the documentation.

Installation

Tracy is now only a browser extension! No more binaries, just download it from the Chrome or Firefox store.

And that's it! As long as tracy is installed in your browser, you are ready to find XSS. There is no longer any requirements to configure a proxy or certificates.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.