Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. Prototype Pollution Gadgets Finder

Professional

Prototype Pollution Gadgets Finder

Download BApp

The Prototype Pollution Gadgets Finder is a powerful Burp Suite extension designed to detect and analyze server-side prototype pollution vulnerabilities in web applications. This tool automates the process of scanning requests to identify potential prototype pollution issues. It exploits known gadgets - methods of leveraging prototype pollution to execute harmful actions - particularly focusing on Node.js libraries.

Features

  • Automated scanning of HTTP requests for prototype pollution vulnerabilities.
  • Detection and exploitation of known gadgets in Node.js libraries.
  • Direct exploitation approach to assess the impact of prototype pollution in server-side environments.

How to use

  1. Right-click on any HTTP request and select "Extensions -> Prototype Pollution Gadgets Finder -> Scan Gadgets"
  2. The extension will analyze the request and attempt to poison the prototype if the application is vulnerable.
  3. Review the results to identify potential gadgets and their impacts.

Author

 Author

Doyensec

Version

 Version

1.0

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

09 October 2024

Estimated system impact

 Estimated system impact

Overall impact: Empty

Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.