Currently, we raise an event for any detected taint flow (i.e., __taintreport in this function). This is very convenient, as if one uses either a browser extension or something like Playwright, they can easily subscribe to the event and do processing suitable for their use case.
However, there are use cases where this is not quite optimal. @tmbrbr and I are working on integration with reverse proxies typically used for pen testing, think OWASP ZAP.
I was thinking of resolving this as follows:
Via additional mozconfig flags, similar to taint-spewing, we could switch the reporting function or call a second one that does an XHR/fetch call to ship off the taint flow to some domain, which ZAP/Burp/Caido can then intercept and suppress. Making the domain configurable is a bit of a hassle, so we should think a bit about how to do this.
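
A sketch of the second reporting path described above, written as page-level JavaScript. This is an added example, not code from the browser or from the issue author. The collector URL, the function names and the treatment of `event.detail` as an opaque object are assumptions.

```javascript
// Added example. REPORT_ENDPOINT is a hypothetical collector URL (assumption);
// the intercepting proxy would be configured to catch and drop requests to it.
const REPORT_ENDPOINT = "http://taint-report.invalid/flow";

// Serialise a report whose shape is unknown: cap long strings, drop functions,
// and replace already-visited objects so cyclic structures cannot throw.
function serialiseReport(report, maxLen = 4096) {
  const seen = new WeakSet();
  return JSON.stringify(report, (_key, value) => {
    if (typeof value === "string" && value.length > maxLen) {
      return value.slice(0, maxLen) + "...[truncated]";
    }
    if (typeof value === "function") return undefined;
    if (value !== null && typeof value === "object") {
      if (seen.has(value)) return "[repeated reference]";
      seen.add(value);
    }
    return value;
  });
}

// Subscribe to __taintreport on `target` and POST each report to the collector.
// Returns a function that removes the listener again.
function forwardTaintReports(target, opts = {}) {
  const { endpoint = REPORT_ENDPOINT, fetchImpl = globalThis.fetch, pageUrl = "" } = opts;
  const collector = new URL(endpoint);
  let sending = false;
  const handler = (event) => {
    // Re-entrancy guard (assumption): if sending a report raises another
    // report synchronously, drop it instead of looping.
    if (sending) return;
    // Do not report from pages served by the collector origin itself.
    if (pageUrl && new URL(pageUrl).origin === collector.origin) return;
    sending = true;
    try {
      const body = serialiseReport({ page: pageUrl, report: event.detail ?? null });
      // text/plain + no-cors keeps this a simple request without a preflight.
      const init = { method: "POST", mode: "no-cors", credentials: "omit",
                     keepalive: true, headers: { "Content-Type": "text/plain" }, body };
      Promise.resolve(fetchImpl(collector.href, init)).catch(() => {});
    } catch (_err) {
      // Reporting must never break the page under test.
    } finally {
      sending = false;
    }
  };
  target.addEventListener("__taintreport", handler);
  return () => target.removeEventListener("__taintreport", handler);
}
```

Because the collector is a fixed, non-resolvable host, the proxy can match on it to record the report and suppress the request; a configurable domain would replace the `endpoint` default.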