How to use DOM Invader

DOM Invader is a browser-based tool that helps you test for DOM XSS vulnerabilities using a variety of sources and sinks, including both web message and prototype pollution vectors. It is available exclusively via Burp's built-in browser, where it comes preinstalled as an extension in the paid and community version. Gareth walks us through how to use DOM Invader In this video!

00:00 Intro
00:14 What is DOM Invader?
01:15 How to use DOM Invader
03:00 Simple canary usage
07:30 How does the exploit feature work?
09:04 How you might navigate false positives
10:40 Customizing sinks
13:51 Using the browser console features inject URL params and Inject Forms
17:40 New features: detecting cross domain leaks with postMessage
20:30 Can DOM Invader be extended?
21:33 New features: Source, sink, and message callbacks
24:40 How to turn on/off source/sinks
26:24 Prototype pollution
30:00 How to find prototype pollution
35:00 Exploiting prototype pollution
37:15 Scan for gadgets & exploiting a gadget to achieve DOM XSS via prototype pollution
39:46 Customizing how you find gadgets

References:
https://portswigger.net/burp/document...
https://portswigger-labs.net/dom-inva...
https://justjavascript.com/