Client Side Protype pollution Scanner
- Clone the repo
- Install addon
- In chrome,
- Go to More Tools -> Extenstions
- Enable Developer Mode
- Click on "Load unpacked" and select the cloned repo folder.
- Visit the websites you want to test
It only checks for vulnerable location parsers.
Window mode is useful when the application uses frame busting.
https://msrkp.github.io/pp/3.html
If, you see XFO or CSP errors reload the extension. Extension tested on chrome version 86.
Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution