Strix uses a Playwright-controlled Chrome browser for testing client-side vulnerabilities.

Capabilities

  • Multi-tab sessions — Test multiple pages simultaneously
  • JavaScript execution — Run custom scripts in page context
  • Form interaction — Click, type, and navigate like a real user
  • Screenshot capture — Visual verification of exploits
  • Console monitoring — Capture JavaScript errors and logs

Use Cases

XSS Testing

The browser can inject payloads and verify JavaScript execution in the DOM.

Authentication Flows

Test login, session management, and OAuth flows by navigating through the actual UI.

CSRF Validation

Open multiple tabs to test cross-site request forgery with different sessions.

DOM-Based Vulnerabilities

Execute JavaScript to inspect and manipulate the DOM for client-side issues.

Key Features

| Feature | Description |
|---|---|
| Persistent sessions | Browser state maintained across actions |
| Coordinate-based clicking | Precise element interaction |
| PDF export | Save page states for reports |
| Source viewing | Inspect rendered HTML |

The browser runs in headless Chrome mode within the Docker sandbox.