This project hosts the DOMinator for Firefox.

DOMinator is a Firefox based software for analysis and identification of DOM Cross Site Scripting issues using dynamic runtime tainting model on strings.

Warning: Do not use it on vanilla Firefox. It won’t work! Use only on the DOMinator for Firefox version.

Before downloading anything be sure to read the instructions

Downloads are here

Installation instructions are here:


A video has been uploaded here to show how it works.
Here’s the video:

DOMinator is a project sponsored by Minded Security, created and maintainted by me (Stefano Di Paola).
I al want to thank Arshan Dabirsiaghi (Aspect Security), Gareth Heyes and Luca Carettoni (Matasano) for their feedback on the pre-pre-beta version 🙂

Finally, feel free to follow DOMinator news on Twitter as well by subscribing to @WisecWisec and @DOMXss.