Web page-fetch is a brand new open-source instrument created by the Detectify Safety Analysis crew that helps hunt for prototype air pollution points.
Detectify’s answer can already discover points that stem from product air pollution when working the Deep Scan DAST scanner, however now pentesters, bug bounty hunters and safety researchers may also search for this vulnerability in addition to different client-side points utilizing page-fetch.
By having a duplicate of these assets, customers can construct customized phrase lists and use filters to exclude third-party requests, save solely third-party requests, and embrace or exclude requests based mostly on their content-type.
To search for prototype air pollution, one wants to choose a payload to strive within the question string of our enter URL, after which take a look at to see if the worth was set as anticipated. Then, the take a look at code simply checks to see if ‘window.testparam’ is the same as ‘testval’, and whether it is: returns the string ‘susceptible’, and returns not susceptible in any other case.
Further particulars on the way it works can be found here.