Web page-fetch is a brand new open-source instrument created by the Detectify Safety Analysis crew that helps hunt for prototype air pollution points.
Detectify’s answer can already discover points that stem from product air pollution when operating the Deep Scan DAST scanner, however now pentesters, bug bounty hunters and safety researchers also can search for this vulnerability in addition to different client-side points utilizing page-fetch.
By having a replica of these sources, customers can construct customized phrase lists and use filters to exclude third-party requests, save solely third-party requests, and embody or exclude requests primarily based on their content-type.
To search for prototype air pollution, one wants to select a payload to strive within the question string of our enter URL, after which check to see if the worth was set as anticipated. Then, the check code simply checks to see if ‘window.testparam’ is the same as ‘testval’, and whether it is: returns the string ‘susceptible’, and returns not susceptible in any other case.
Further particulars on the way it works can be found here.