View Live Event Stream

As you browse a site, you can view a live stream of Events and Issues captured by Sboxr in the site you are browsing.

The items shown here auto-update, and only the 100 most recent items from each category are shown at any point in time.

You have an option to pause the live update and then resume it.

This feature is useful for understanding, in a more fine-grained manner, how the application behaves in response to your inputs, and for identifying issues in that behavior.

For example, if you are on a login page and submit your credentials, you can immediately see what actions the application performs to handle authentication and session management. You can see if the credentials or other data are sent to an external party. You can see if any session tokens are stored on the client side in IndexedDB or LocalStorage.
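The LocalStorage part of that check can also be reproduced by hand. The following is an added example, not Sboxr's code and not a description of how Sboxr works; `watchStorage`, `classify`, `MemoryStorage` and the token patterns are hypothetical names and assumptions made for illustration.

```javascript
// Added example: hook setItem on a Storage-like prototype and flag token-like writes.
// In a browser, pass Storage.prototype (covers localStorage and sessionStorage).
const MAX_EVENTS = 100; // mirrors the 100-item cap of the live view
// Heuristics for session material; these patterns are assumptions, tune them per app.
const VALUE_PATTERNS = [
  { reason: "jwt-shaped value", re: /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/ },
  { reason: "long hex value", re: /^[0-9a-f]{32,}$/i },
];
const KEY_HINT = /token|session|auth|jwt/i;

function classify(key, value) {
  const hit = VALUE_PATTERNS.find((p) => p.re.test(String(value)));
  return hit ? hit.reason : KEY_HINT.test(String(key)) ? "suspicious key name" : null;
}

function watchStorage(proto) {
  const events = [];
  let paused = false;
  const original = proto.setItem;
  proto.setItem = function (key, value) {
    if (!paused) {
      // Record the key and the reason only, never the secret itself.
      events.push({ key: String(key), reason: classify(key, value) });
      if (events.length > MAX_EVENTS) events.shift(); // drop the oldest event
    }
    return original.call(this, key, value); // the write itself still happens
  };
  return {
    events,
    flagged: () => events.filter((e) => e.reason !== null),
    pause: () => { paused = true; },
    resume: () => { paused = false; },
    restore: () => { proto.setItem = original; },
  };
}

// Constructed stand-in for Storage so the example also runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  setItem(key, value) { this.items.set(String(key), String(value)); }
}

// Constructed login flow: one harmless preference and one JWT-shaped session value.
function demoLogin() {
  const watcher = watchStorage(MemoryStorage.prototype);
  const store = new MemoryStorage();
  store.setItem("theme", "dark");
  store.setItem("sid", "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl");
  watcher.restore();
  return { flagged: watcher.flagged(), total: watcher.events.length, store };
}
```

Property-style writes such as `localStorage.key = value` do not go through `setItem`, so this hook does not see them.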

It can even be useful when you have analyzed an issue and are trying to validate it. For example, if Sboxr has reported that data from an untrusted source is sent to the eval method, you can try sending different payloads via the untrusted source and check the live events to see if any of the payloads succeed in reaching the eval, even if not in an exploitable manner. This would help you hone your payload.

High-frequency events like WebSocket messages and cross-window message exchanges (and the data leaked through them) are not shown here. This is to reduce clutter.
