From a5315ef6248bd50e108ee286aefc1dbbc379019e Mon Sep 17 00:00:00 2001
From: zethash <91867430+zethash@users.noreply.github.com>
Date: Sun, 7 Nov 2021 12:18:15 +0300
Subject: [PATCH 1/5] chore: Remove blank options page and script
---
pages/options.html | 8 --------
scripts/options.js | 0
2 files changed, 8 deletions(-)
delete mode 100644 pages/options.html
delete mode 100644 scripts/options.js
diff --git a/pages/options.html b/pages/options.html
deleted file mode 100644
index 4ae1c0d..0000000
--- a/pages/options.html
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
-
-
diff --git a/scripts/options.js b/scripts/options.js
deleted file mode 100644
index e69de29..0000000
From bc5ac95880b82c5e650fc18dda1e3a3491471288 Mon Sep 17 00:00:00 2001
From: zethash <91867430+zethash@users.noreply.github.com>
Date: Sun, 7 Nov 2021 12:19:53 +0300
Subject: [PATCH 2/5] feat: Set unicode meta-tag for all html pages
---
pages/background.html | 2 +-
pages/iframe.html | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/pages/background.html b/pages/background.html
index 5911f86..09dae34 100644
--- a/pages/background.html
+++ b/pages/background.html
@@ -1,7 +1,7 @@
-
+
diff --git a/pages/iframe.html b/pages/iframe.html
index 5470bad..ed48221 100644
--- a/pages/iframe.html
+++ b/pages/iframe.html
@@ -3,6 +3,7 @@
PP
+
From c61942a81199627876185b8a00ce895c8e4d2ebf Mon Sep 17 00:00:00 2001
From: zethash <91867430+zethash@users.noreply.github.com>
Date: Sun, 7 Nov 2021 12:22:09 +0300
Subject: [PATCH 3/5] feat: Remove chrome specific methods, others adaptate
---
manifest.json | 7 ++++++-
scripts/background.js | 7 +++++--
scripts/content_script.js | 2 ++
scripts/exp.js | 2 ++
scripts/popup.js | 4 +++-
scripts/utils.js | 9 +++++----
6 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/manifest.json b/manifest.json
index 562a712..f964651 100644
--- a/manifest.json
+++ b/manifest.json
@@ -3,7 +3,6 @@
"version": "1.0",
"manifest_version": 2,
"description": "Client Side Prototype Pollution Scanner",
- "options_page": "pages/options.html",
"permissions": [
"tabs",
"storage",
@@ -31,5 +30,11 @@
],
"browser_action": {
"default_popup": "pages/popup.html"
+ },
+ "applications": {
+ "gecko": {
+ "id": "PPScan@msrkp",
+ "strict_min_version": "57.0"
+ }
}
}
\ No newline at end of file
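Review bot: The new `applications` key is the older alias of `browser_specific_settings`, which Firefox documents as the preferred name for the gecko block; `"browser_specific_settings": { "gecko": { "id": "PPScan@msrkp", "strict_min_version": "57.0" } }` carries the same meaning and avoids the deprecation notice `web-ext lint` may report for the alias. The reason for a floor of 57.0 is not recorded anywhere in the diff; the APIs the scripts switch to (`runtime.connect`, `runtime.onConnect`) predate it, so if 57.0 was chosen for another reason it is worth stating in the README, since manifest.json cannot hold a comment.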
diff --git a/scripts/background.js b/scripts/background.js
index a31f52f..0a63c3c 100644
--- a/scripts/background.js
+++ b/scripts/background.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
const databaseUrl = chrome.extension.getURL('/database.csv');
/* initialize */
@@ -7,11 +9,12 @@ setBadgeCount(0);
/* setup listeners */
chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
- found.add(msg);
+ sourceUrl = new URL(msg);
+ found.add(JSON.stringify({ domain: sourceUrl.origin, type: 'Active Mode', file: sourceUrl.href, lineCol: 0 }));
setBadgeCount(found.size);
});
-chrome.extension.onConnect.addListener((port) => {
+chrome.runtime.onConnect.addListener((port) => {
console.log('[>] New Session ', port);
if (port.name == "logger") {
port.onMessage.addListener((msg) => {
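Review bot: `sourceUrl` in the new line `sourceUrl = new URL(msg);` is assigned without a declaration, so it becomes an implicit global on the background page, and `new URL(msg)` throws a TypeError for any message that is not an absolute URL, which aborts the listener before `setBadgeCount` runs. Declare it and reject malformed input explicitly: `let sourceUrl; try { sourceUrl = new URL(msg); } catch (e) { return; }`. Because `msg` is a string chosen by whichever script sent it, the origin recorded as `domain` is only as trustworthy as that sender; `sender.url` is browser-supplied and would be the safer source for the domain, though whether a page can influence the sender depends on code outside this hunk. The `onConnect` listener that the hunk moves to `chrome.runtime` continues past the end of the hunk.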
diff --git a/scripts/content_script.js b/scripts/content_script.js
index 23b29d2..d0d6ebc 100644
--- a/scripts/content_script.js
+++ b/scripts/content_script.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
document.addEventListener('TriggerBrute', () => {
var iframe = document.createElement('iframe');
iframe.addEventListener('load', () => {
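Review bot: `var chrome = browser;` throws a ReferenceError in a browser that does not define a `browser` global (Chromium did not at the time of this commit), and a ReferenceError at the top of a content script means the `TriggerBrute` listener below is never registered, so the "others adaptate" part of the commit message does not hold for Chrome. A feature-tested alias should keep both working: `var chrome = typeof browser !== 'undefined' ? browser : chrome;`. The same line is added to background.js, exp.js, popup.js and utils.js in this commit and would need the same treatment. The `TriggerBrute` listener body continues beyond the hunk.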
diff --git a/scripts/exp.js b/scripts/exp.js
index 354444c..12965bf 100644
--- a/scripts/exp.js
+++ b/scripts/exp.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
var PAYLOADS = [
// ['XSS Prototype #1', 'x[__proto__][e32a5ec9c99]', 'ddcb362f1d60', ],
// ['XSS Prototype #2', 'x.__proto__.e32a5ec9c99','ddcb362f1d60', ],
diff --git a/scripts/popup.js b/scripts/popup.js
index b5dd5c0..0724150 100644
--- a/scripts/popup.js
+++ b/scripts/popup.js
@@ -1,4 +1,6 @@
-var port = chrome.extension.connect({
+var chrome = browser;
+
+var port = chrome.runtime.connect({
name: "logger"
});
diff --git a/scripts/utils.js b/scripts/utils.js
index afedb98..4d2cb59 100644
--- a/scripts/utils.js
+++ b/scripts/utils.js
@@ -1,3 +1,5 @@
+var chrome = browser;
+
const DEBUG = false;
const blacklist = [
@@ -107,8 +109,7 @@ const check = ({ requestUri, initiator }) => {
if (blacklist.indexOf(requestUri + ':' + lineCol) != -1) {
return;
}
-
- found.add(JSON.stringify({ domain: initiator, type: name, file: requestUri, lineCol }))
+ found.add(JSON.stringify({ domain: new URL(initiator).origin, type: name, file: requestUri, lineCol }))
setBadgeCount(found.size);
});
})
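Review bot: `new URL(initiator).origin` in the new `found.add(...)` line throws a TypeError when `initiator` is undefined or not an absolute URL, and with `scan` now forwarding `request.originUrl` (third hunk of this file) that can happen for any request whose origin the browser does not report, which would abort the webRequest listener for that request instead of recording the finding. Guarding it preserves the previous fallback: `domain: initiator ? new URL(initiator).origin : initiator,`. Whether `originUrl` is ever absent for `types: ["script"]` requests is an inference from the API shape rather than from this diff, so worth confirming before relying on it. The `check` function this hunk edits starts before the hunk.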
@@ -120,9 +121,9 @@ const filter = {
types: ["script"]
};
-const scan = ({ method, url, initiator }) => {
+const scan = (request) => {
// if (method == "GET") {
- check({ requestUri: url, initiator });
+ check({ requestUri: request.url, initiator: request.originUrl });
// }
};
From 9edc2fd6aebf2a02de0abbd55a48217991be7b47 Mon Sep 17 00:00:00 2001
From: zethash <91867430+zethash@users.noreply.github.com>
Date: Sun, 7 Nov 2021 12:36:54 +0300
Subject: [PATCH 4/5] docs: Manual for temporary install or build
---
README.md | 24 ++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 1567992..1ad7cb7 100644
--- a/README.md
+++ b/README.md
@@ -12,23 +12,19 @@ Client Side Protype pollution Scanner
### How to use?
-
- - Clone the repo
- - Install addon
-
- * In chrome,
- * Go to More Tools -> Extenstions
- * Enable Developer Mode
- * Click on "Load unpacked" and select the cloned repo folder.
-
-
- - Visit the websites you want to test
-
-
+* Clone the repo
+* Temporaty install
+ * In Firefox, go to `about:debugging#/runtime/this-firefox`
+ * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder.
+* Persistent install
+ * Build `npm install --global web-ext` & `web-ext build` or `npx web-ext build`
+ * After executing commands, an extension file should appear in ./web-ext-artifacts/ppscan-{Version number}.zip
+ * To install an extension from a file, switch `xpinstall.signatures.required parameter` to `false` in Firefox on `about:config` page.
+ * Click "Install add-on from file" on `about:addons` page and select ppscan-{Version number}.zip
+* Visit the websites you want to test
It only checks for vulnerable location parsers.
-
### Examples
1. https://msrkp.github.io/pp/1.html
2. https://msrkp.github.io/pp/2.html
From 32f43b58aedc1ff060b3d21ec010ccc666ea2dd6 Mon Sep 17 00:00:00 2001
From: zethash <91867430+zethash@users.noreply.github.com>
Date: Sun, 7 Nov 2021 12:37:28 +0300
Subject: [PATCH 5/5] chore: Ignore folder with builded ext zips
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index e43b0f9..4e463ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
.DS_Store
+web-ext-artifacts/*
\ No newline at end of file