Using Tracy - adam-schaefer-ncc/tracy GitHub Wiki
Using Tracy While Mapping a Web Application
To get Tracy up and running, or to get an overview of the Tracy UI components, consult the relevant documentation.
With the browser set up with the Tracy extension, map out the application as you normally would. This involves clicking buttons, signing up for accounts, and editing form fields. Basically, gather as much information about the features of the application as possible. You'll notice that Tracy adds a logo next to input fields. By clicking on the logo, you can add several types of
While mapping the application, use tracy payloads to mark particular input fields as potential sources of taint. After the application is mapped, open the tracy UI by clicking the extension logo and view the data that was collected. Identify any known vulnerable cases of XSS that tracy calls out and verify any suspicious cases.
Examples using Google Gruyère
The first step