msrkp/PPScan msrkp/PPScan

  • Stars
    star
    510
  • Rank 86,627 (Top 2 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 4 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
msrkp/PPScan
github

msrkp

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Client Side Prototype Pollution Scanner

PPScan

Client Side Protype pollution Scanner

How to use?

  1. Clone the repo
  2. Install addon
    • In chrome,
    • Go to More Tools -> Extenstions
    • Enable Developer Mode
    • Click on "Load unpacked" and select the cloned repo folder.
  3. Visit the websites you want to test

It only checks for vulnerable location parsers.

Examples

  1. https://msrkp.github.io/pp/1.html
  2. https://msrkp.github.io/pp/2.html

Why window mode?

Window mode is useful when the application uses frame busting.

Example

https://msrkp.github.io/pp/3.html

Note

If, you see XFO or CSP errors reload the extension. Extension tested on chrome version 86.

Found PP? What's Next?

Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution

More Repositories

1

hacker-roadmap

Roadmap to get started in Infosec for absolute begineer
87
star
2

electron-research

Electron Research
68
star
3

exploits

'>"><img src=x onerror=alert(1) /><b>asd</b>
JavaScript
45
star
4

codeql_for_gadgets

Codeql Queries for finding gadgets
CodeQL
8
star
5

ctf_writeups

This repo contains some of the writeups of ctfs played by Team Invaders.
Python
6
star
6

one-click-hugo-cms

SCSS
1
star
7

asnprobe

Port scan on given asn list.
Shell
1
star
8

MangoLeafOrNot-Binary-Classification-using-Keras

Binary Classification(Mango Leaf/other)
Python
1
star