Client-Side Prototype Pollution Tools
Match rules for the Burp Software Version Reporter extension
Match rules that passively detect vulnerable library versions, even in minified JS code.
JS script that highlights custom (non-standard) properties on prototypes and constructors; these are candidate gadgets when exploiting Prototype Pollution.
pollute.js is a script that instruments JavaScript code to highlight reads of uninitialized properties, that is, properties the code looks up but never set on the object itself, so the read falls through to the prototype chain. Together with a small Burp Suite extension, it rewrites every JavaScript response passing through Burp Proxy into its instrumented form.
- Install the pollute.js dependencies
- Set up a web server that runs pollute.js via pollute.php (or write your own wrapper)
- Set the URL of your pollute.js endpoint in POLLUTE_JS
- Build the Burp Suite extension
Now you can set up logging conditions in the pollute.js PREAMBLE. For example, to search for DOM Clobbering gadgets, replace `obj instanceof Object` with `(obj instanceof Window || obj instanceof Document)`, so that only property reads on the window and document objects are logged.
If you want to log property access only after Prototype Pollution has actually triggered, add a condition that checks for a marker property your payload sets on Object.prototype, e.g. `typeof Object.prototype.MARKER != 'undefined'` (MARKER stands for whatever property name you pollute; a check on `Object.prototype` itself is always true, so the condition must name the specific property)
and call the page with
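The following is an added example, not pollute.js or the project's own code, showing the core of the instrumentation described above: a property-read wrapper that logs reads of properties the object does not own, an object filter matching the `obj instanceof Object` condition, and a gate on a marker property so that logging starts only once pollution has landed. `MARKER`, `__ppGet`, `buildElement` and the config objects are constructed for illustration; in a real run the rewriter would replace every `obj.prop` in the proxied bundle with the wrapper call.

```javascript
// Added example (not pollute.js itself): minimal "log access to uninitialized
// properties" instrumentation. A rewriter would turn every `obj.prop` in the
// proxied bundle into `__ppGet(obj, 'prop')`; here the wrapper is applied by
// hand to a constructed gadget so it can be run in Node. MARKER is a hypothetical
// property name that a pollution payload would set (e.g. via __proto__[MARKER]=1).

const MARKER = '__pp_marker';
const accessLog = [];

// PREAMBLE-style knobs: which objects to report on, and whether to stay silent
// until the marker shows that pollution has actually reached Object.prototype.
const settings = {
  objectFilter: (obj) => obj instanceof Object,
  gateOnMarker: false,
};

function armed() {
  return !settings.gateOnMarker || typeof Object.prototype[MARKER] !== 'undefined';
}

// Replacement for a property read. Logs when the property is not an own property
// of the object: either it is genuinely uninitialized (a pollution candidate) or
// the prototype chain supplied it (a pollution sink that has been reached).
function __ppGet(obj, prop) {
  if (obj !== null && obj !== undefined && armed() && settings.objectFilter(obj)
      && !Object.prototype.hasOwnProperty.call(obj, prop)) {
    accessLog.push({
      prop,
      fromPrototype: prop in obj, // true when some prototype (possibly polluted) supplies it
      value: obj[prop],
    });
  }
  return obj[prop]; // same semantics as `obj.prop`, including the TypeError on null/undefined
}

// Constructed gadget: a library-style helper that reads optional config fields.
function buildElement(config) {
  const tag = __ppGet(config, 'tagName') || 'div';
  const attrs = __ppGet(config, 'attributes') || {};
  const attrText = Object.keys(attrs).map((k) => ` ${k}="${__ppGet(attrs, k)}"`).join('');
  return `<${tag}${attrText}>`;
}

// Pass 1 (no gating): find candidate gadgets, i.e. reads of properties the page
// never initialised. Pass 2 (gated): re-run with a simulated payload and confirm
// which candidates actually received the polluted value.
function runScenario() {
  const result = {};

  settings.gateOnMarker = false;
  accessLog.length = 0;
  result.cleanHtml = buildElement({ attributes: { id: 'x' } });
  result.candidates = accessLog.map((e) => e.prop);

  settings.gateOnMarker = true;
  accessLog.length = 0;
  buildElement({ attributes: { id: 'x' } });
  result.loggedBeforePollution = accessLog.length;

  // Simulate ?__proto__[__pp_marker]=1&__proto__[tagName]=img having been processed
  Object.prototype[MARKER] = '1';
  Object.prototype.tagName = 'img';
  try {
    result.pollutedHtml = buildElement({ attributes: { id: 'x' } });
    result.sinks = accessLog.filter((e) => e.fromPrototype).map((e) => `${e.prop}=${e.value}`);
  } finally {
    delete Object.prototype[MARKER];
    delete Object.prototype.tagName;
  }
  return result;
}

console.log(JSON.stringify(runScenario(), null, 2));
```

The two-pass split is the point: the ungated pass lists every uninitialized read (`tagName` here) as a candidate, while the gated pass stays quiet until the marker appears and then records only the reads that resolved through the polluted prototype, which is exactly the set of gadgets worth chaining.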