Catch mixed content issues in the wild
agis/mcdetect
mcdetect is a tool that detects mixed content issues with certainty.
Tools used to catch mixed content issues often rely on parsing the DOM to determine if insecure content will be loaded in a specific page. Consequently they may report false negatives since not all such issues can be detected statically.
mcdetect can determine with absolute certainty if any mixed content errors or warnings actually occur on a page. It does this by visiting the pages and evaluating their JavaScript like a regular browser would do. In other words, it does not report false negatives.
It does this by leveraging Headless Chrome that shipped with Chrome 59 and the DevTools Protocol.
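The gap between static parsing and runtime observation described above, as an added example (not mcdetect's own code): `staticScan` searches markup for insecure `src`/`href` values, while `runtimeScan` reads the `mixedContentType` field that DevTools Protocol `Network.requestWillBeSent` events carry. The sample page, the events, the function names and the error/warning mapping are assumptions made for the illustration.

```javascript
// Added example; not mcdetect's code. Page markup and events are constructed.

// The insecure URLs are assembled by script, so none appears in an attribute.
const SAMPLE_HTML = `
<img src="https://example.com/logo.png">
<script>
  const scheme = 'ht' + 'tp';
  fetch(scheme + '://example.com/data.json');
  new Image().src = scheme + '://example.com/banner.png';
</script>`;

// Builds a constructed Network.requestWillBeSent event, shaped like the ones
// the DevTools Protocol emits while a browser loads the page above.
const ev = (url, mixedContentType) => ({
  method: 'Network.requestWillBeSent',
  params: { documentURL: 'https://example.com/', request: { url, mixedContentType } },
});
const SAMPLE_EVENTS = [
  ev('https://example.com/logo.png', 'none'),
  ev('http://example.com/data.json', 'blockable'),
  ev('http://example.com/banner.png', 'optionally-blockable'),
];

// Static approach: collect http:// URLs written literally in src/href attributes.
function staticScan(html) {
  const re = /\b(?:src|href)\s*=\s*["'](http:\/\/[^"']+)["']/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Runtime approach: classify every request the browser actually issued.
// Assumed mapping: 'blockable' -> error, 'optionally-blockable' -> warning.
function runtimeScan(events) {
  const findings = [];
  for (const { method, params } of events) {
    if (method !== 'Network.requestWillBeSent') continue;
    const { url, mixedContentType } = params.request;
    if (!mixedContentType || mixedContentType === 'none') continue;
    const severity = mixedContentType === 'blockable' ? 'error' : 'warning';
    findings.push({ page: params.documentURL, url, severity });
  }
  return findings;
}

console.log('static :', staticScan(SAMPLE_HTML));
console.log('runtime:', runtimeScan(SAMPLE_EVENTS));
```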
- Node 7.6.0 or later
$ npm install -g mcdetect
Checking a single target page:
$ mcdetect https://example.com https://google.com
Checking multiple targets (if no protocol is specified, it is assumed to be "https://"):
$ mcdetect example.com google.com
Multiple targets can also be given via a config file:
$ cat my_urls.json
{
  "targets": [
    "googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/xmlhttprequest-example.html",
    "googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/passive-mixed-content.html"
  ]
}
$ mcdetect --config my_urls.json
For more usage examples and options see mcdetect --help.
- Add scraping mode (with max depth)
- More output formats (e.g. json, csv, pdf)
- error handling (modes: exit on error, ignore errors, report errors)
- interactive mode
- follow redirects
- read targets from stdin
mcdetect is licensed under MIT. See LICENSE.