Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/msrkp/PPScan
Client Side Prototype Pollution Scanner
https://github.com/msrkp/PPScan
Last synced: about 1 month ago
JSON representation
Client Side Prototype Pollution Scanner
- Host: GitHub
- URL: https://github.com/msrkp/PPScan
- Owner: msrkp
- License: mit
- Created: 2020-10-13T15:18:23.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-09-17T19:29:51.000Z (almost 2 years ago)
- Last Synced: 2024-06-26T00:36:05.401Z (3 months ago)
- Language: JavaScript
- Size: 442 KB
- Stars: 496
- Watchers: 18
- Forks: 63
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- WebHackersWeapons - PPScan - pollution`](/categorize/tags/prototype-pollution.md)|[](/categorize/langs/JavaScript.md)| (Weapons / Tools)
- awesome-hacking-lists - msrkp/PPScan - Client Side Prototype Pollution Scanner (JavaScript)
README
# PPScan
Client Side Protype pollution Scanner
### How to use?
- Clone the repo
- Install addon
* In chrome,
* Go to More Tools -> Extenstions
* Enable Developer Mode
* Click on "Load unpacked" and select the cloned repo folder.
- Visit the websites you want to test
It only checks for vulnerable location parsers.
### Examples
1. https://msrkp.github.io/pp/1.html
2. https://msrkp.github.io/pp/2.html
### Why window mode?
Window mode is useful when the application uses frame busting.
#### Example
https://msrkp.github.io/pp/3.html
#### Note
If, you see XFO or CSP errors reload the extension.
Extension tested on chrome version 86.
### Found PP? What's Next?
Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution