DOM Invader: Prototype Pollution
Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding client-side prototype pollution as easy as a couple of clicks.

Find out more in the blog post: https://portswigger.net/blog/finding-...

Timestamps:
00:06 Client Side Prototype Pollution
02:55 Finding prototype pollution sources
05:04 Testing a prototype pollution source
06:33 Finding gadgets
09:26 Exploiting gadgets
10:06 Choosing where to inject prototype pollution
11:23 Choosing techniques
12:16 Scan each technique in a separate frame
13:38 Customising gadget scanning
14:42 General settings
16:26 Callbacks
18:39 General improvements

