.jpeg){kind=link}
Extension/Devtools code execution post-rigtools patch (<133)
1. Download HARTOOLS.har](https://github.com/crossjbly/HarTools/releases/download/latest/HARTOOLS.har)**\
2. Get the file HARTOOLS.har onto the device you want to run the devtools XSS on
3. On the device you want to run the devtools XSS on go to devtools://devtools/bundled/inspector.html
4. Once it loads, add ?experiments=true to the end of the URL
5. On the sidebar on the inspector page at the top click the 2 arrows (looks like: >>) and select network from the dropdown
^^^ if you are already on the network page you can skip this ^^^
6. Click the little upload button and select the downloaded HARTOOLS.HAR
^^^ you may need to expand the sidebar to see it ^^^**
7. Double click on the text that appears in the box
if devtools://devtools/bundled/inspector.html is blocked for you:
substitute inspector.html with any of the following:
js_app.html
devtools_app.html
worker_app.html
- Clone the repo using
git clone https://github.com/crossjbly/HarTools.git, then cd into the directory usingcd HarTools - Make any changes you want to the html, or js files
- Run autoxss.py with
python autoxss.py - Head over to the generator and paste the contents of autoxss.js (if vercel.app is blocked or this is down use the data page url)
- Crossjbly: Finding the vulnerability in .har files
- Blobby Boi: Helping with development of the payloads and UI
- axqmx: Testing and help with development
- toaster: toasting and sharing this
- HarryJarry1: Creating autoxss and with helping development
- unretained: Original rigtools developer tools code execution exploit (this literally wouldn't have been possible without rigtools lol)
- This has been patched by google as of Chrome V133, Only specific versions of 132 work, if it does work for you ping me in either the Titanium Network discord server (in #kajigs-discussion) or directly on discord (@crossjbly)
- This will work without internet because everything is included in the main payload ran
If you post this anywhere other than Titanium Network please give proper credits and link this repo, and please don't post this on ext-remover.