Client Side Protype pollution Scanner
- Install addon
- Visit the websites you want to test
It only checks for vulnerable location parsers.
Window mode is useful when the application uses frame busting.
https://msrkp.github.io/pp/3.html
If, you see XFO or CSP errors reload the extension. Extension tested on chrome version 86.
Check for the gadgets here https://github.com/BlackFan/client-side-prototype-pollution