Professional, Community Edition

DOM Invader attack types

  • Last updated: August 30, 2024

By default, DOM Invader automatically probes for ordinary DOM XSS sources and sinks, but you can optionally configure DOM Invader to attempt other attacks.

DOM Invader attack types settings

Prototype pollution

When this setting is enabled, DOM Invader automatically tries to identify sources for client-side prototype pollution in addition to the usual DOM XSS sources and sinks.

For more information on DOM Invader's prototype pollution features, see Testing for client-side prototype pollution.

You can click the cog icon next to this setting to access some additional settings for fine-tuning this behavior. For more information on configuration settings specific to prototype pollution, see Prototype pollution settings.

DOM clobbering

When this setting is enabled, DOM Invader automatically tries to identify DOM clobbering vulnerabilities.

For more information, see Testing for DOM clobbering with DOM Invader.