Page-fetch is a new open source tool created by the Detectify Security Research team to help you find prototype pollution issues.
Detectify's solution can already detect problems caused by prototype pollution when running its Deep Scan DAST scanner, but pen testers, bug bounty hunters, and security researchers can also use page-fetch to look for this vulnerability and other client-side issues.
Having a copy of these resources allows users to create custom word lists, filter out third-party requests, store only third-party requests, and include or exclude requests based on content type.
To look for prototype pollution, you select a payload to try in the query string of the input URL and test whether the value is set as expected. The test code then checks whether 'window.testparam' is equal to 'testval', returning the string 'vulnerable' if it is and 'not vulnerable' otherwise.
Additional details on how it works are available here.
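The check described above, as an added example (not page-fetch's or Detectify's code), run against a deliberately naive query-string parser and a hardened one. The parser functions, the constructed sample query, and the use of `({}).testparam` in place of `window.testparam` under Node are assumptions made for illustration.

```javascript
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
const SAMPLE = '?__proto__[testparam]=testval&page=1'; // constructed input

// Split "a[b]=v" pairs into a key path (["a", "b"]) and a decoded value.
function pairs(query) {
  return query.replace(/^\?/, '').split('&').filter(Boolean).map((p) => {
    const [rawKey, rawVal = ''] = p.split('=');
    const path = decodeURIComponent(rawKey).split(/[\[\]]+/).filter(Boolean);
    return { path, value: decodeURIComponent(rawVal) };
  }).filter(({ path }) => path.length > 0);
}

// Shared walker: `mk` creates containers, `allowed` vets every key in a path.
function build(query, mk, allowed) {
  const out = mk();
  for (const { path, value } of pairs(query)) {
    if (!path.every((k) => allowed(k))) continue; // drop the whole parameter
    let node = out;
    for (const k of path.slice(0, -1)) {
      if (typeof node[k] !== 'object' || node[k] === null) node[k] = mk();
      node = node[k];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Vulnerable: "__proto__" resolves to Object.prototype, so the write lands there.
const parseNaive = (q) => build(q, () => ({}), () => true);
// Hardened: prototype-less containers plus a denylist of dangerous keys.
const parseHardened = (q) => build(q, () => Object.create(null), (k) => !BLOCKED.has(k));

// The page's check. In a browser, window.testparam is inherited from
// Object.prototype; a fresh object literal shows the same thing in Node.
function check(parser, query) {
  delete Object.prototype.testparam; // start from a clean prototype
  parser(query);
  const verdict = ({}).testparam === 'testval' ? 'vulnerable' : 'not vulnerable';
  delete Object.prototype.testparam; // do not leak state into later runs
  return verdict;
}

console.log('naive parser:   ', check(parseNaive, SAMPLE));
console.log('hardened parser:', check(parseHardened, SAMPLE));
```

The hardened parser still returns legitimate parameters such as `page`; only paths containing a blocked key are dropped.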
This Week’s SD Times Open Source Project: page-fetch