DOM Invader: Prototype Pollution

Автор: PortSwigger

Загружено: 2022-06-20

Просмотров: 9333

Описание:

Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding client-side prototype pollution as easy as a couple of clicks.

Find out more in the blog post: https://portswigger.net/blog/finding-...

Timestamps:
00:06 Client Side Prototype Pollution
02:55 Finding prototype pollution sources
05:04 Testing a prototype pollution source
06:33 Finding gadgets
09:26 Exploiting gadgets
10:06 Choosing where to inject prototype pollution
11:23 Choosing techniques
12:16 Scan each technique in a separate frame
13:38 Customising gadget scanning
14:42 General settings
16:26 Callbacks
18:39 General improvements

DOM Invader: Prototype Pollution

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

How Does Prototype Pollution Actually Work?

How Does Prototype Pollution Actually Work?

Introducing DOM invader - A new tool within Burp Suite

Introducing DOM invader - A new tool within Burp Suite

Digging for XSS Gold: Unearthing Browser Quirks with Shazzer

Digging for XSS Gold: Unearthing Browser Quirks with Shazzer

PortSwigginar: Burp Scanner for pentesters - March 2023

PortSwigginar: Burp Scanner for pentesters - March 2023

Mastering DOM XSS for Bug Bounties: DOM Invader & Bug Bounty Reports!

Mastering DOM XSS for Bug Bounties: DOM Invader & Bug Bounty Reports!

Bug Bounty: Exploiting Prototype Pollution for Easy $$$ (Manual + Automation Guide)

Bug Bounty: Exploiting Prototype Pollution for Easy $$$ (Manual + Automation Guide)

Client Side Prototype Pollution(Arabic)

Client Side Prototype Pollution(Arabic)

BUG BOUNTY: UNDERSTANDING PROTOTYPE POLLUTION VULNERABILITY | 2023

BUG BOUNTY: UNDERSTANDING PROTOTYPE POLLUTION VULNERABILITY | 2023

NahamCon2021 - Using Chromedp to Hunt for Prototype Pollution - @TomNomNom

NahamCon2021 - Using Chromedp to Hunt for Prototype Pollution - @TomNomNom

Чем ОПАСЕН МАХ? Разбор приложения специалистом по кибер безопасности

Чем ОПАСЕН МАХ? Разбор приложения специалистом по кибер безопасности

Как использовать DOM Invader в 2023 году

Как использовать DOM Invader в 2023 году

How to scan a website for vulnerabilities using Burp Scanner

How to scan a website for vulnerabilities using Burp Scanner

HTTP/2: The Sequel is Always Worse - James Kettle (albinowax)

HTTP/2: The Sequel is Always Worse - James Kettle (albinowax)

Какие полезные нагрузки XSS приносят наибольшие вознаграждения? — Анализ 174 отчетов

Какие полезные нагрузки XSS приносят наибольшие вознаграждения? — Анализ 174 отчетов

Portable Data exFiltration XSS for PDFs - Gareth Heyes

Portable Data exFiltration XSS for PDFs - Gareth Heyes

Cross-Origin Resource Sharing (CORS) | Complete Guide

Cross-Origin Resource Sharing (CORS) | Complete Guide

Dastardly: Web security training for developers

Dastardly: Web security training for developers

Как создать собственный VPN сервер Vless XHTTP с графической панелью 3x-ui и доменом.

Как создать собственный VPN сервер Vless XHTTP с графической панелью 3x-ui и доменом.

Understanding Prototype Pollution w/ Isaac Burton

Understanding Prototype Pollution w/ Isaac Burton

DOM XSS via client-side prototype pollution | PortSwigger Academy tutorial

DOM XSS via client-side prototype pollution | PortSwigger Academy tutorial