• Stars
    star
    510
  • Rank 86,627 (Top 2 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 4 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Client Side Prototype Pollution Scanner

PPScan

Client Side Protype pollution Scanner

How to use?

  1. Clone the repo
  2. Install addon
    • In chrome,
    • Go to More Tools -> Extenstions
    • Enable Developer Mode
    • Click on "Load unpacked" and select the cloned repo folder.
  3. Visit the websites you want to test

It only checks for vulnerable location parsers.

Examples

  1. https://msrkp.github.io/pp/1.html
  2. https://msrkp.github.io/pp/2.html

Why window mode?

Window mode is useful when the application uses frame busting.

Example

https://msrkp.github.io/pp/3.html

Note

If, you see XFO or CSP errors reload the extension. Extension tested on chrome version 86.

Found PP? What's Next?

Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution