Client Side Prototype Pollution Scanner
- Clone the repo
- Install the add-on
- In Chrome:
  - Go to More Tools -> Extensions
  - Enable Developer Mode
  - Click on "Load unpacked" and select the cloned repo folder.
- Visit the websites you want to test
It only checks for vulnerable location parsers.
Window mode is useful when the application uses frame busting.
If you see XFO or CSP errors, reload the extension. The extension was tested on Chrome version 86.
Check for the gadgets here: https://github.com/BlackFan/client-side-prototype-pollution