Completed, 2025

Glitchunt

Browser extension for finding hidden elements on websites for penetration testing purposes

HTML, CSS, JavaScript, Browser Extension API

Overview

Glitchunt is an open-source penetration testing tool developed in collaboration with the Tegal1337 cybersecurity community. The tool is designed to help security researchers and penetration testers discover hidden elements on web pages that could potentially reveal security vulnerabilities. These hidden elements include those with the hidden attribute, display: none, opacity: 0, or visibility: hidden CSS properties.

The project consists of two implementations: a Python CLI tool and a browser extension. I contributed by developing the cross-browser extension using JavaScript, which provides an intuitive graphical interface for scanning and interacting with hidden elements directly within the browser. The tool has already proven valuable in real-world penetration testing, successfully identifying security issues such as a web application that unified user and admin registration in a single path, with role differentiation hidden in concealed form elements.

Technical Approach

For the Glitchunt extension, I built a cross-browser compatible tool using vanilla JavaScript to ensure it works seamlessly across Chrome, Firefox, and other modern browsers. The extension architecture consists of three main components: a background service worker for managing extension lifecycle and permissions, a content script that runs on web pages to detect hidden elements, and a popup interface for user interaction.

The core detection mechanism works by traversing the entire DOM tree and checking each element's computed styles. For every element on the page, the tool examines four key properties: the presence of a hidden attribute, display: none in computed styles, visibility: hidden, and opacity: 0. This comprehensive approach ensures that no hidden elements escape detection, regardless of which method was used to conceal them. To handle element identification reliably, I implemented multiple selector strategies including CSS selectors with class names and IDs, XPath generation for more precise targeting, and fallback mechanisms to ensure elements can be found even after page mutations.
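The four checks described above, as an added example for auditing your own pages; this is not Glitchunt's source code. It goes one step beyond the four checks by also flagging descendants of a concealed element, since display and opacity are not inherited into a child's computed style. All function names, the field names, and the stand-in DOM are constructed for illustration.

```javascript
// Added example, not Glitchunt's source. All function names are hypothetical.
const FORM_TAGS = ['INPUT', 'SELECT', 'TEXTAREA', 'BUTTON'];

// The four checks the page lists, applied to one element and its computed style.
function hidingMethods(el, style) {
  const methods = [];
  if (el.hasAttribute('hidden')) methods.push('hidden-attribute');
  if (style.display === 'none') methods.push('display-none');
  if (style.visibility === 'hidden') methods.push('visibility-hidden');
  if (parseFloat(style.opacity) === 0) methods.push('opacity-0');
  return methods;
}

// Pre-order walk. In a content script:
//   scanHidden(document.documentElement, (el) => getComputedStyle(el))
function scanHidden(root, getStyle) {
  const findings = [];
  const stack = [[root, false]];
  while (stack.length) {
    const [el, ancestorHidden] = stack.pop();
    const methods = hidingMethods(el, getStyle(el));
    // A child of a display:none or opacity:0 node triggers none of the four
    // checks itself, so the ancestor state is carried down explicitly.
    if (methods.length === 0 && ancestorHidden) methods.push('hidden-ancestor');
    if (methods.length) {
      findings.push({ tag: el.tagName.toLowerCase(), name: el.getAttribute('name'),
        methods, formControl: FORM_TAGS.includes(el.tagName) });
    }
    // visibility is inherited (and can be overridden), so the computed style covers it.
    const conceals = ancestorHidden || methods.some((m) => m !== 'visibility-hidden');
    for (let i = el.children.length - 1; i >= 0; i--) stack.push([el.children[i], conceals]);
  }
  return findings;
}

// Constructed stand-in for a DOM so the example also runs under Node.
const mk = (tagName, attrs = {}, style = {}, children = []) => ({
  tagName, children, style,
  hasAttribute: (a) => a in attrs,
  getAttribute: (a) => (a in attrs ? attrs[a] : null),
});
const fakeStyle = (el) => ({ display: 'block', visibility: 'visible', opacity: '1', ...el.style });

function demo() { // constructed registration form with concealed controls
  const form = mk('FORM', { action: '/register' }, {}, [
    mk('INPUT', { name: 'email' }),
    mk('SELECT', { name: 'role' }, { display: 'none' }),
    mk('DIV', { hidden: '' }, {}, [mk('INPUT', { name: 'is_admin' })]),
    mk('INPUT', { name: 'invite' }, { opacity: '0' }),
  ]);
  return scanHidden(form, fakeStyle).filter((f) => f.formControl);
}
```

Any concealed form control this reports is still submitted with the form, so the server has to validate and authorize its value as it would for a visible field.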

The extension provides real-time interaction capabilities. When a user clicks the scan button, the content script immediately analyzes the current page and categorizes discovered elements by their hiding method. Users can then interact with these elements through three primary actions: revealing the element by modifying its styles, scrolling to the element's position on the page with visual highlighting, and toggling visibility on and off. Each interaction is handled carefully to preserve the original element state, allowing testers to restore elements to their hidden condition after inspection.

One of the key technical challenges was ensuring reliable element targeting across different hiding methods and page structures. I solved this by implementing a multi-layered selector strategy that generates unique identifiers combining tag names, classes, and positional information. When simple selectors fail, the tool falls back to XPath, and as a last resort, uses attribute matching. This robust approach ensures elements remain accessible even on dynamically generated pages or single-page applications.

Performance was another critical consideration. Scanning pages with thousands of elements could potentially cause browser lag, so I optimized the detection loop to run efficiently and implemented result caching in Chrome's storage API. This allows users to review previous scan results without re-scanning, improving the overall testing workflow.

Key Features

  • Comprehensive Hidden Element Detection: Scans for elements hidden via hidden attribute, display: none, visibility: hidden, and opacity: 0
  • Cross-Browser Compatibility: Works seamlessly on Chrome, Firefox, and other modern browsers
  • Real-time Interaction: Reveal hidden elements, scroll to their location, and toggle visibility directly from the extension
  • Visual Highlighting: Temporarily highlights elements when revealed or scrolled to, making them easy to identify
  • Persistent Results: Stores scan results in browser storage for review without re-scanning
  • Element Preview: Shows tag name, class information, and text content for quick identification
  • XPath Generation: Provides XPath selectors for elements, useful for automated testing scripts
  • Lightweight Performance: Efficient DOM traversal optimized for pages with thousands of elements