msrkp / ppscan Goto Github PK

Hi -

This may be "user error" but I am not able to see which parameters are vulnerable within the extension box like in the example you provided in the README.md. I can find the effected parameters if I go back through the burp history, but it would be easier to see in the extension output box. Again, it could be something on my end - I am using the version of Chrome that comes with Burp Suite Pro (90.0.4430.93). I have attached a screenshot of what I mean, what you see in the screenshot is the only data available to me, I am not able to expand on any of the categories.

Not sure why. Is this a problem with the most recent versions of Chrome or am I doing something wrong?

Website here is https://ctf.nikitastupin.com/pp/known.html

Thank you

Hi,

as title. It's possible there is no real security risk behind it, especially when the target is not vulnerable to prototype pollution. However I think it would still be best practice to not reference as part of the extension a parked domain that in the future could be hijacked.

Example:

https://example.com/#__proto__[attrs][src]=1&__proto__[src]=//p6.is/ppscan.php
https://example.com/#__proto__[BOOMR]=1&__proto__[url]=//p6.is/ppscan.php

I would like to install the PPScan. I am not able to find any documentation for installation.

revise the code at scripts/popup.js:88

function listFound(found) {
    // foundList.innerHTML = '';
    foundLabel.style.display = foundList.style.display = found.length > 0 ? 'block' : 'none';
    found.forEach((str) => {
        try {
            const line = JSON.parse(str);
            const tr = document.createElement("tr");
            if (line['domain'] == 'null') 
                hostname = line['domain'];
            else
                hostname = new URL(line['domain']).hostname;
            tr.innerHTML = `<td><a target="_blank" href="${line['domain']}">${hostname}</a></td><td>${line['type']}</td><td><a target="_blank" href="${line['file']}">${line['file']}:${line['lineCol']}</a></td>`;
            foundList.appendChild(tr);
        } catch (e) {
            const tr = document.createElement("tr");
            tr.innerHTML = `<td><a target="_blank" href="${str}">${new URL(str).hostname}</a></td><td>brute</td><td><a target="_blank" href="${str}">${str}</a></td>`;
            foundList.appendChild(tr);
        }
    });
}

I got following message in type column

What it means ?

Type

| Unknown Lib [7] |