Client Side Protype pollution Scanner
How to use?
- Clone the repo
- Install addon
- In chrome,
- Go to More Tools -> Extenstions
- Enable Developer Mode
- Click on "Load unpacked" and select the cloned repo folder.
- Visit the websites you want to test
It only checks for vulnerable location parsers.
Examples
Why window mode?
Window mode is useful when the application uses frame busting.
Example
https://msrkp.github.io/pp/3.html
Note
If, you see XFO or CSP errors reload the extension. Extension tested on chrome version 86.
Found PP? What's Next?
Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution