JSONPeek

JSONPeek is a Firefox extension and a web service designed to test potential JSONP endpoints by injecting payloads into the common callback parameters of a given URL. The web service accepts a url GET parameter containing a single base64-encoded URL of a suspected JSONP endpoint. Proof-of-concept payloads (highlighted in red below) are injected into the common JSONP callback parameters of the suspected endpoint in an attempt to trigger the alert() function. This webpage hooks the alert function and records the success or failure of each payload attempt in the table below.
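The input handling described above, as an added example (not JSONPeek's source code): it decodes the base64 url parameter, builds one probe URL per callback parameter, and checks a response body for reflection. The parameter names, the benign jsonpeekProbe marker (used here in place of an alert() payload), the function names and the sample URLs are all assumptions constructed for illustration.

```javascript
// Added example, not JSONPeek's own code. Names below are assumptions.
const CALLBACK_PARAMS = ["callback", "jsonp", "cb"]; // assumed common parameter names
const MARKER = "jsonpeekProbe";                      // benign, constructed identifier

// Decode the base64 target carried in the page's `url` GET parameter.
function decodeTarget(pageUrl) {
  let encoded = new URL(pageUrl).searchParams.get("url");
  if (!encoded) throw new Error("missing url parameter");
  // Query-string parsing turns a raw '+' into a space, and atob() silently
  // drops whitespace, so restore it; also accept URL-safe base64 ('-', '_').
  encoded = encoded.replace(/ /g, "+").replace(/-/g, "+").replace(/_/g, "/");
  const target = new URL(atob(encoded)); // atob yields Latin-1; fine for ASCII URLs
  // Only probe web endpoints; refuse file:, javascript:, data: and similar.
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    throw new Error("unsupported scheme: " + target.protocol);
  }
  return target;
}

// One probe URL per candidate callback parameter, other parameters preserved.
function buildProbes(target) {
  return CALLBACK_PARAMS.map((param) => {
    const probe = new URL(target.href);
    probe.searchParams.set(param, MARKER);
    return { param, url: probe.href };
  });
}

// True when the body is a call to the marker, i.e. the endpoint wrapped its
// JSON in the caller-chosen function name. A leading /**/ comment is skipped.
function reflectsCallback(body) {
  const text = body.replace(/^\s*(\/\*.*?\*\/)?\s*/s, "");
  return text.startsWith(MARKER + "(");
}

// Constructed sample run (no network access).
const samplePage = "https://jsonpeek.example/?url=" +
  btoa("https://api.example.test/data?id=1");
for (const p of buildProbes(decodeTarget(samplePage))) console.log(p.param, p.url);
console.log(reflectsCallback('jsonpeekProbe({"id":1});')); // JSONP-style body
console.log(reflectsCallback('{"id":1}'));                 // plain JSON body
```

An endpoint that reflects the marker is worth reviewing on the server side: restrict the callback name to a strict identifier pattern, or replace JSONP with CORS.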

To try it out, simply click HERE to test a sample URL.

If you discover a valid JSONP endpoint, please report it by creating a quick GitHub issue!

Sponsored by Black Hills Information Security

Copy | JSONP Callback URL | Status