

DOM Snitch: Google's passive in-the-browser reconnaissance tool - abraham
http://googletesting.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html

======
paraschopra
Gmail stops working if you have DOM Snitch enabled.

I tried it but to be honest did not find it terribly useful. They seem to be
using some very simple rules for best practices (like avoiding
document.write). But it's nothing more than that (yet).

~~~
miguel_lourenco
Sites might break when you have DOM Snitch enabled. You can always right click
and put it in "Standby" mode, which should solve the problem. There are at
least two known issues that can cause this, listed at
<https://code.google.com/p/domsnitch/wiki/KnownIssues>. I don't know what
might be causing it to break Gmail; it could be a lab or that it simply was never
tested much with Gmail.

I wouldn't really call them rules. The tool looks for use of dangerous
JavaScript APIs and, when it detects them, it gives you more information, such
as stack trace and arguments. That information should help someone determine
if a particular use is insecure. Besides that, it has some relatively simple
logic to determine if a particular usage might be a security bug or not, which
is indicated through different colors.
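
[Added example, not part of the comment above and not DOM Snitch's own code: a minimal sketch of the approach it describes, wrapping a risky API so each call is recorded with its arguments and stack trace and given a colour by a simple heuristic. The names `snitch`, `classify` and `fakeDocument`, the colour rules, and the sample inputs are all assumptions made for illustration.]

```javascript
// Hypothetical names throughout; the classification rules are assumed, not the tool's.
const findings = [];

// Simple heuristic standing in for the colour coding described above.
function classify(args) {
  const text = args.map(String).join(' ');
  if (/<script\b|\bon\w+\s*=|javascript:/i.test(text)) return 'red';    // script-capable markup
  if (/<[a-z][^>]*>/i.test(text)) return 'yellow';                      // markup, review by hand
  return 'green';                                                       // plain text
}

// Replace target[name] with a wrapper that records the call, then forwards it.
function snitch(target, name, label) {
  const original = target[name];
  target[name] = function (...args) {
    findings.push({
      api: label,
      args: args.map(String),
      severity: classify(args),
      // Drop the "Error" line and this wrapper's own frame, keep the callers.
      stack: new Error().stack.split('\n').slice(2).map((s) => s.trim()),
    });
    return original.apply(this, args);
  };
  return () => { target[name] = original; }; // "Standby": restore the original
}

// Constructed stand-in for a page's document object, so this runs outside a browser.
function demo() {
  findings.length = 0;
  const written = [];
  const fakeDocument = { write(html) { written.push(html); } };
  const standby = snitch(fakeDocument, 'write', 'document.write');

  function renderGreeting(name) { fakeDocument.write('<p>Hello ' + name + '</p>'); }
  renderGreeting('world');                          // markup only
  renderGreeting('<a onclick="track()">x</a>');     // constructed input carrying a handler
  fakeDocument.write('plain text');

  standby();
  fakeDocument.write('not recorded');               // wrapper removed, call passes through
  return { findings: findings.slice(), written };
}
```

[Each recorded entry carries the calling frames, so a reviewer can see which page function reached `document.write` and with what string.]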

~~~
miguel_lourenco
FWIW, Gmail does not seem to break for me when I use it there.

------
fourk
Does anyone have an example site they can link that will trigger DOM Snitch to
do something? I've been unable to find a site that causes any visible change
on the DOM Snitch tab or the offending page.

~~~
miguel_lourenco
Are you sure you enabled "Passive" or "Invasive" mode and some of the modules?

Everything will be turned off when you install it. Once you change settings
all new tabs will open with the new settings.

------
yellow
I'm going to uninstall it. I can't seem to get it to work in both my Dev and
Stable channel instances (the table never updates). Also, my beloved middle
mouse button behavior has changed. I hope future revisions make it
worthwhile.

------
makthrow
Tried it today. It slows down Google Chrome considerably.

