Hi,

Some web pages may use the "location.hash" to read the hash value. It's better to check this source along with the "location.search". The following code uses a vulnerable gadget (jquery deparam) to read the hash value.

Payload for this gadget: ?__proto__[onload]=alert(1) Case-1: location.search -> ppmap detects the pollution and generates the above payload Case-2: location.hash -> ppmap does not detect the pollution

XSS Challenge from r/Slackers

    c:\go\src\github.com\chromedp\cdproto\page (from $GOROOT)
    C:\Users\Yaseen\go\src\github.com\chromedp\cdproto\page (from $GOPATH)

........\go\src\github.com\chromedp\chromedp\browser.go:18:2: cannot find package "github.com/chromedp/cdproto/runtime" in any of: c:\go\src\github.com\chromedp\cdproto\runtime (from $GOROOT) C:\Users\Yaseen\go\src\github.com\chromedp\cdproto\runtime (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\browser.go:19:2: cannot find package "github.com/chromedp/cdproto/target" in any of: c:\go\src\github.com\chromedp\cdproto\target (from $GOROOT) C:\Users\Yaseen\go\src\github.com\chromedp\cdproto\target (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\conn.go:9:2: cannot find package "github.com/gobwas/ws" in any of: c:\go\src\github.com\gobwas\ws (from $GOROOT) C:\Users\Yaseen\go\src\github.com\gobwas\ws (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\conn.go:10:2: cannot find package "github.com/gobwas/ws/wsutil" in any of: c:\go\src\github.com\gobwas\ws\wsutil (from $GOROOT) C:\Users\Yaseen\go\src\github.com\gobwas\ws\wsutil (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\browser.go:13:2: cannot find package "github.com/mailru/easyjson" in any of: c:\go\src\github.com\mailru\easyjson (from $GOROOT) C:\Users\Yaseen\go\src\github.com\mailru\easyjson (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\conn.go:11:2: cannot find package "github.com/mailru/easyjson/jlexer" in any of: c:\go\src\github.com\mailru\easyjson\jlexer (from $GOROOT) C:\Users\Yaseen\go\src\github.com\mailru\easyjson\jlexer (from $GOPATH) ........\go\src\github.com\chromedp\chromedp\conn.go:12:2: cannot find package "github.com/mailru/easyjson/jwriter" in any of: c:\go\src\github.com\mailru\easyjson\jwriter (from $GOROOT) C:\Users\Yaseen\go\src\github.com\mailru\easyjson\jwriter (from $GOPATH)

I am getting this error on building. i have chromium installed

Hi As I start this tool it only shows that it's starting and only (?constructor%5Bprototype%5D%5Bppmap%5D=reserved) this is executed and then it just keeps on working. Even I had given him an hour but still no result and not even a next payload. Can you kindly guide me with this problem.

I wanted to know if you maybe know a workaround this. I sucesfully tried the tool and it worked in 2 of my VPS, but in one of them it fails, it goes throw all the "requests" pretty fast and gives "erro" in all of them.

echo https://tomnomnom.uk/pp/?page=foo | ppmap
                                                                                 
    dMMMMb  dMMMMb  dMMMMMMMMb  .aMMMb  dMMMMb     v1.2.0
   dMP.dMP dMP.dMP dMP"dMP"dMP dMP"dMP dMP.dMP 
  dMMMMP" dMMMMP" dMP dMP dMP dMMMMMP dMMMMP"  
 dMP     dMP     dMP dMP dMP dMP dMP dMP           
dMP     dMP     dMP dMP dMP dMP dMP dMP            @kleiton0x7e

                                     
2022/08/19 05:26:10 [ERRO] https://tomnomnom.uk/pp/?page=foo&constructor%5Bprototype%5D%5Bppmap%5D=reserved
2022/08/19 05:26:10 [ERRO] https://tomnomnom.uk/pp/?page=foo&__proto__.ppmap=reserved
2022/08/19 05:26:10 [ERRO] https://tomnomnom.uk/pp/?page=foo&constructor.prototype.ppmap=reserved
2022/08/19 05:26:10 [ERRO] https://tomnomnom.uk/pp/?page=foo&__proto__%5Bppmap%5D=reserved

I successfully installed the requisites and chrome but something (I don't know what) fails when I run it. I updated everything and might be something I am unaware of.

Any idea what I can do to debug what's failing?

Downloaded the precompiled binary and tried running ppmap but gave "permission denied"

When I tried with sudo it says "command not found"

Please provide information about the licence for this software, because without this the tool cannot be used in environments requiring strict software regulations.

There's an npm project at https://www.npmjs.com/package/js-library-detector which provides code/library that you can run to detect which libraries exist on the page. Very similar to the gadgets detection that you referenced in the https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec snippet.

Hi Kleiton,

Great job putting this together! It's handy to run quick scans and demonstrate the issue in general for awareness and education reasons.

Thanks ❤️

For a better reading, all packages must be grouped within the same import, although nothing changes if they are declared individually since the compiler reads it in the same way, but it is more idiomatic to do it this way especially for other developers