Page-fetch is a new open-source tool created by the Detectify Security Research team that helps hunt for prototype pollution issues.
Detectify’s solution can already find issues that stem from prototype pollution when running the Deep Scan DAST scanner, but now pentesters, bug bounty hunters and security researchers can also look for this vulnerability, as well as other client-side issues, using page-fetch.
By keeping a local copy of the resources a page loads, users can build custom word lists and use filters to exclude third-party requests, save only third-party requests, or include or exclude requests based on their content-type.
To look for prototype pollution, pick a payload to try in the query string of the input URL, then test whether the value was set as expected. The test code simply checks whether ‘window.testparam’ is equal to ‘testval’: if it is, it returns the string ‘vulnerable’, and otherwise it returns ‘not vulnerable’.
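As an added illustration, not code from page-fetch or from the Detectify post, the following Node script shows the mechanism the check above relies on: a constructed, deliberately naive query-string parser of the kind that gets polluted by a ‘__proto__[testparam]=testval’ payload, a hardened counterpart that refuses the dangerous keys, and the same ‘vulnerable’ / ‘not vulnerable’ test the text describes. The function names, the payload and the use of globalThis in place of the browser’s window are assumptions made for the example.

```javascript
// Added example: how a query-string payload pollutes Object.prototype through
// an unsafe nested assignment, and how the page's check then detects it.
// Not page-fetch's code; names and the sample payload are constructed here.

const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Parse "a[b]=c&d=e" into nested objects. With blockDangerous=false the
// "__proto__" key is followed like any other, so out.__proto__ resolves to
// Object.prototype and the final assignment lands on every object.
function parseQuery(qs, { blockDangerous }) {
  const out = {};
  for (const pair of qs.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const [rawKey, rawVal = ''] = pair.split('=');
    const key = decodeURIComponent(rawKey);
    const val = decodeURIComponent(rawVal);
    // "__proto__[testparam]" -> ["__proto__", "testparam"]
    const path = key.split(/\[|\]/).filter(Boolean);
    if (path.length === 0) continue;
    // Hardened variant: drop any parameter that walks through a prototype key.
    if (blockDangerous && path.some((p) => DANGEROUS_KEYS.has(p))) continue;
    let node = out;
    for (let i = 0; i < path.length - 1; i++) {
      if (typeof node[path[i]] !== 'object' || node[path[i]] === null) {
        node[path[i]] = {};
      }
      node = node[path[i]];
    }
    node[path[path.length - 1]] = val;
  }
  return out;
}

// Vulnerable parser: the defect is that "__proto__" is not filtered.
function parseQueryUnsafe(qs) {
  return parseQuery(qs, { blockDangerous: false });
}

// Hardened parser: prototype-walking keys are rejected.
function parseQuerySafe(qs) {
  return parseQuery(qs, { blockDangerous: true });
}

// The check the text describes: does scope.testparam now read back as
// "testval"? In the browser the scope is window; here it is globalThis,
// which inherits from Object.prototype just as window does.
function checkPollution(scope, name, expected) {
  return scope[name] === expected ? 'vulnerable' : 'not vulnerable';
}

// Run one parser against the constructed payload and report the verdict.
// The polluted property is deleted afterwards so later code is unaffected.
function runCheck(parser) {
  const payload = '?__proto__[testparam]=testval'; // constructed sample payload
  try {
    parser(payload);
    return checkPollution(globalThis, 'testparam', 'testval');
  } finally {
    delete Object.prototype.testparam;
  }
}

console.log('unsafe parser:', runCheck(parseQueryUnsafe)); // vulnerable
console.log('safe parser:  ', runCheck(parseQuerySafe));   // not vulnerable
```

The hardened variant skips any parameter whose key path passes through ‘__proto__’, ‘constructor’ or ‘prototype’; an alternative with the same effect is to build the result with Object.create(null) so there is no prototype to reach.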
Additional details on how it works are available here.