DOM Invader: Prototype Pollution

Video description: DOM Invader: Prototype Pollution

Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding client-side prototype pollution as easy as a couple of clicks.

Find out more in the blog post: https://portswigger.net/blog/finding-...

Timestamps:
00:06 Client Side Prototype Pollution
02:55 Finding prototype pollution sources
05:04 Testing a prototype pollution source
06:33 Finding gadgets
09:26 Exploiting gadgets
10:06 Choosing where to inject prototype pollution
11:23 Choosing techniques
12:16 Scan each technique in a separate frame
13:38 Customising gadget scanning
14:42 General settings
16:26 Callbacks
18:39 General improvements
