├── .gitignore
├── BappDescription.html
├── BappManifest.bmf
├── LICENSE
├── README.md
├── albinowaxUtils-all.jar
├── gradle
│   └── wrapper
│       ├── gradle-wrapper.jar
│       └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── resources
│   ├── assetnote-params
│   ├── boring_headers
│   ├── functions
│   ├── headers
│   ├── params
│   └── words
├── settings.gradle
└── src
    ├── burp
    │   ├── BurpExtender.java
    │   ├── Correlator.java
    │   ├── FatGet.java
    │   ├── GrabScan.java
    │   ├── HeaderMutationGuesser.java
    │   ├── HeaderMutationScan.java
    │   ├── HeaderPoison.java
    │   ├── Keysmith.java
    │   ├── LimitedHashMap.java
    │   ├── MetaRequest.java
    │   ├── Monitor.java
    │   ├── NormalisedParamScan.java
    │   ├── NormalisedPathScan.java
    │   ├── OfferParamGuess.java
    │   ├── ParamAttack.java
    │   ├── ParamGrabber.java
    │   ├── ParamGuesser.java
    │   ├── ParamHolder.java
    │   ├── PartialParam.java
    │   ├── PortDOS.java
    │   ├── Probe.java
    │   ├── PrototypePollutionAddJSPropertyScan.java
    │   ├── PrototypePollutionAsyncBodyScan.java
    │   ├── PrototypePollutionAsyncParamScan.java
    │   ├── PrototypePollutionBodyDotScan.java
    │   ├── PrototypePollutionBodyScan.java
    │   ├── PrototypePollutionBodySquareScan.java
    │   ├── PrototypePollutionJSPropertyParamScan.java
    │   ├── PrototypePollutionParamDotScan.java
    │   ├── PrototypePollutionParamScan.java
    │   ├── PrototypePollutionParamSquareScan.java
    │   ├── RailsUtmScan.java
    │   ├── RandomComparator.java
    │   ├── TriggerParamGuesser.java
    │   ├── UnkeyedParamScan.java
    │   ├── ValueGuesser.java
    │   └── WordProvider.java
    └── test
        └── java
            └── burp
                └── PrototypePollutionBodyScanTest.java
/.gitignore:
--------------------------------------------------------------------------------
1 | .gradle/
2 | .idea/
3 | build/
4 | out/
--------------------------------------------------------------------------------
/BappDescription.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/BappDescription.html
--------------------------------------------------------------------------------
/BappManifest.bmf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/BappManifest.bmf
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/README.md
--------------------------------------------------------------------------------
/albinowaxUtils-all.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/albinowaxUtils-all.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/gradle/wrapper/gradle-wrapper.properties
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/gradlew
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/gradlew.bat
--------------------------------------------------------------------------------
/resources/assetnote-params:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/assetnote-params
--------------------------------------------------------------------------------
/resources/boring_headers:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/boring_headers
--------------------------------------------------------------------------------
/resources/functions:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/functions
--------------------------------------------------------------------------------
/resources/headers:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/headers
--------------------------------------------------------------------------------
/resources/params:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/params
--------------------------------------------------------------------------------
/resources/words:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/resources/words
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name = 'server-side-prototype-pollution'
2 |
--------------------------------------------------------------------------------
/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/BurpExtender.java
--------------------------------------------------------------------------------
/src/burp/Correlator.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/Correlator.java
--------------------------------------------------------------------------------
/src/burp/FatGet.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/FatGet.java
--------------------------------------------------------------------------------
/src/burp/GrabScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/GrabScan.java
--------------------------------------------------------------------------------
/src/burp/HeaderMutationGuesser.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/HeaderMutationGuesser.java
--------------------------------------------------------------------------------
/src/burp/HeaderMutationScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/HeaderMutationScan.java
--------------------------------------------------------------------------------
/src/burp/HeaderPoison.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/HeaderPoison.java
--------------------------------------------------------------------------------
/src/burp/Keysmith.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/Keysmith.java
--------------------------------------------------------------------------------
/src/burp/LimitedHashMap.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/LimitedHashMap.java
--------------------------------------------------------------------------------
/src/burp/MetaRequest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/MetaRequest.java
--------------------------------------------------------------------------------
/src/burp/Monitor.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/Monitor.java
--------------------------------------------------------------------------------
/src/burp/NormalisedParamScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/NormalisedParamScan.java
--------------------------------------------------------------------------------
/src/burp/NormalisedPathScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/NormalisedPathScan.java
--------------------------------------------------------------------------------
/src/burp/OfferParamGuess.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/OfferParamGuess.java
--------------------------------------------------------------------------------
/src/burp/ParamAttack.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/ParamAttack.java
--------------------------------------------------------------------------------
/src/burp/ParamGrabber.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/ParamGrabber.java
--------------------------------------------------------------------------------
/src/burp/ParamGuesser.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/ParamGuesser.java
--------------------------------------------------------------------------------
/src/burp/ParamHolder.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/ParamHolder.java
--------------------------------------------------------------------------------
/src/burp/PartialParam.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PartialParam.java
--------------------------------------------------------------------------------
/src/burp/PortDOS.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PortDOS.java
--------------------------------------------------------------------------------
/src/burp/Probe.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/Probe.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionAddJSPropertyScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionAddJSPropertyScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionAsyncBodyScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionAsyncBodyScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionAsyncParamScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionAsyncParamScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionBodyDotScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionBodyDotScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionBodyScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionBodyScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionBodySquareScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionBodySquareScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionJSPropertyParamScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionJSPropertyParamScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionParamDotScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionParamDotScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionParamScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionParamScan.java
--------------------------------------------------------------------------------
/src/burp/PrototypePollutionParamSquareScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/PrototypePollutionParamSquareScan.java
--------------------------------------------------------------------------------
/src/burp/RailsUtmScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/RailsUtmScan.java
--------------------------------------------------------------------------------
/src/burp/RandomComparator.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/RandomComparator.java
--------------------------------------------------------------------------------
/src/burp/TriggerParamGuesser.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/TriggerParamGuesser.java
--------------------------------------------------------------------------------
/src/burp/UnkeyedParamScan.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/UnkeyedParamScan.java
--------------------------------------------------------------------------------
/src/burp/ValueGuesser.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/ValueGuesser.java
--------------------------------------------------------------------------------
/src/burp/WordProvider.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/burp/WordProvider.java
--------------------------------------------------------------------------------
/src/test/java/burp/PrototypePollutionBodyScanTest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/server-side-prototype-pollution/HEAD/src/test/java/burp/PrototypePollutionBodyScanTest.java
--------------------------------------------------------------------------------