diff --git a/.gitignore b/.gitignore
index e43b0f9..4e463ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .DS_Store
+web-ext-artifacts/*
\ No newline at end of file
diff --git a/README.md b/README.md
index 1567992..1ad7cb7 100644
--- a/README.md
+++ b/README.md
@@ -12,23 +12,19 @@ Client Side Protype pollution Scanner ### How to use? -
    -
  1. Clone the repo
  2. -
  3. Install addon - - * In chrome, - * Go to More Tools -> Extenstions - * Enable Developer Mode - * Click on "Load unpacked" and select the cloned repo folder. - -
  4. -
  5. Visit the websites you want to test
  6. -
-
+* Clone the repo
+* Temporaty install
+ * In Firefox, go to `about:debugging#/runtime/this-firefox`
+ * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder.
+* Persistent install
+ * Build `npm install --global web-ext` & `web-ext build` or `npx web-ext build`
+ * After executing commands, an extension file should appear in ./web-ext-artifacts/ppscan-{Version number}.zip
+ * To install an extension from a file, switch `xpinstall.signatures.required parameter` to `false` in Firefox on `about:config` page.
+ * Click "Install add-on from file" on `about:addons` page and select ppscan-{Version number}.zip
+* Visit the websites you want to test
 It only checks for vulnerable location parsers.
-
 ### Examples
 1. https://msrkp.github.io/pp/1.html
 2. https://msrkp.github.io/pp/2.html
diff --git a/manifest.json b/manifest.json
index 562a712..f964651 100644
--- a/manifest.json
+++ b/manifest.json
@@ -3,7 +3,6 @@
 "version": "1.0",
 "manifest_version": 2,
 "description": "Client Side Prototype Pollution Scanner",
- "options_page": "pages/options.html",
 "permissions": [
 "tabs",
 "storage",
@@ -31,5 +30,11 @@
 ],
 "browser_action": {
 "default_popup": "pages/popup.html"
+ },
+ "applications": {
+ "gecko": {
+ "id": "PPScan@msrkp",
+ "strict_min_version": "57.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/pages/background.html b/pages/background.html
index 5911f86..09dae34 100644
--- a/pages/background.html
+++ b/pages/background.html
@@ -1,7 +1,7 @@ - +
diff --git a/pages/iframe.html b/pages/iframe.html
index 5470bad..ed48221 100644
--- a/pages/iframe.html
+++ b/pages/iframe.html
@@ -3,6 +3,7 @@ PP +
diff --git a/pages/options.html b/pages/options.html
deleted file mode 100644
index 4ae1c0d..0000000
--- a/pages/options.html
+++ /dev/null
@@ -1,8 +0,0 @@ - - - - - - - -
diff --git a/scripts/background.js b/scripts/background.js
index a31f52f..0a63c3c 100644
--- a/scripts/background.js
+++ b/scripts/background.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
 const databaseUrl = chrome.extension.getURL('/database.csv');
 /* initialize */
@@ -7,11 +9,12 @@ setBadgeCount(0);
 /* setup listeners */
 chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
- found.add(msg);
+ sourceUrl = new URL(msg);
+ found.add(JSON.stringify({ domain: sourceUrl.origin, type: 'Active Mode', file: sourceUrl.href, lineCol: 0 }));
 setBadgeCount(found.size);
 });
-chrome.extension.onConnect.addListener((port) => {
+chrome.runtime.onConnect.addListener((port) => {
 console.log('[>] New Session ', port);
 if (port.name == "logger") {
 port.onMessage.addListener((msg) => {
diff --git a/scripts/content_script.js b/scripts/content_script.js
index 23b29d2..d0d6ebc 100644
--- a/scripts/content_script.js
+++ b/scripts/content_script.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
 document.addEventListener('TriggerBrute', () => {
 var iframe = document.createElement('iframe');
 iframe.addEventListener('load', () => {
diff --git a/scripts/exp.js b/scripts/exp.js
index 354444c..12965bf 100644
--- a/scripts/exp.js
+++ b/scripts/exp.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
 var PAYLOADS = [
 // ['XSS Prototype #1', 'x[__proto__][e32a5ec9c99]', 'ddcb362f1d60', ],
 // ['XSS Prototype #2', 'x.__proto__.e32a5ec9c99','ddcb362f1d60', ],
diff --git a/scripts/options.js b/scripts/options.js
deleted file mode 100644
index e69de29..0000000
diff --git a/scripts/popup.js b/scripts/popup.js
index b5dd5c0..0724150 100644
--- a/scripts/popup.js
+++ b/scripts/popup.js
@@ -1,4 +1,6 @@
-var port = chrome.extension.connect({
+var chrome = browser;
+
+var port = chrome.runtime.connect({
 name: "logger"
 });
diff --git a/scripts/utils.js b/scripts/utils.js
index afedb98..4d2cb59 100644
--- a/scripts/utils.js
+++ b/scripts/utils.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
 const DEBUG = false;
 const blacklist = [
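Review bot: `var chrome = browser;` at the top of scripts/background.js throws a ReferenceError in any runtime that exposes only the `chrome` namespace, so the Chrome "Load unpacked" path the old README described no longer loads at all; the same line is added in content_script.js, exp.js, popup.js and utils.js in this commit. If Firefox-only is the intent (the manifest's new `applications.gecko` block suggests so), a one-line comment saying that would save the next reader a debugging session; otherwise a guarded alias such as `var chrome = typeof browser !== 'undefined' ? browser : chrome;` keeps both targets loading. Also worth checking, though it is outside these hunks: `browser.*` is the promise-returning namespace, so any callback-style `chrome.*` calls elsewhere in these files would now behave differently.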
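Review bot: `sourceUrl = new URL(msg);` in the onMessage listener assigns to an undeclared identifier, creating an implicit global in sloppy mode and a ReferenceError under `'use strict'`; it should be `const sourceUrl = new URL(msg);`. The constructor also throws a TypeError when a content script sends anything that is not an absolute URL string, which aborts the listener before `found.add` and `setBadgeCount` run, so a guard like `if (typeof msg !== 'string') return;` with the parse inside a `try`/`catch` would keep one malformed message from silently dropping findings. The `sender` argument is available but unused; recording `sender.url` alongside the message would let the findings be attributed to the reporting page rather than relying solely on the string the content script supplied. The onConnect listener that follows continues outside the hunk.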
@@ -107,8 +109,7 @@ const check = ({ requestUri, initiator }) => {
 if (blacklist.indexOf(requestUri + ':' + lineCol) != -1) {
 return;
 }
-
- found.add(JSON.stringify({ domain: initiator, type: name, file: requestUri, lineCol }))
+ found.add(JSON.stringify({ domain: new URL(initiator).origin, type: name, file: requestUri, lineCol }))
 setBadgeCount(found.size);
 });
 })
@@ -120,9 +121,9 @@ const filter = {
 types: ["script"]
 };
-const scan = ({ method, url, initiator }) => {
+const scan = (request) => {
 // if (method == "GET") {
- check({ requestUri: url, initiator });
+ check({ requestUri: request.url, initiator: request.originUrl });
 // }
 };
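Review bot: `new URL(initiator).origin` in check() throws a TypeError whenever `initiator` is undefined, and the new `scan` in the second hunk feeds it `request.originUrl`, which Firefox documents as optional in webRequest details (absent for requests not triggered by a document); one such script request aborts the callback before `found.add` and `setBadgeCount` run. A fallback such as `domain: initiator ? new URL(initiator).origin : 'unknown'` keeps the scanner alive for those requests. check() begins outside the hunk (its header appears only as @@ context), so I cannot see whether an enclosing try/catch already covers this. The commented-out `// if (method == "GET") {` guard now references a name that no longer exists; if it is ever re-enabled it should read `request.method`.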