diff --git a/src/builder/payload.rs b/src/builder/payload.rs
index 194d3a4..e88bf11 100644
--- a/src/builder/payload.rs
+++ b/src/builder/payload.rs
@@ -1,6 +1,17 @@
-static PROTO: &str = "__proto__";
-
 pub fn get() -> Vec<String> {
+	let mut payload = vec![];
+
+	let object = get_object();
+	let pointer = get_pointer();
+
+	payload.extend(object);
+	payload.extend(pointer);
+
+	payload
+}
+
+fn get_object() -> Vec<String> {
+	const PREFIX: &str = "__proto__";
 	let suffixes = [
 		".ppfuzz",
 		"[ppfuzz]"
@@ -8,6 +19,19 @@ pub fn get() -> Vec<String> {
 
 	suffixes
 		.iter()
-		.map(|suffix| PROTO.to_owned() + suffix)
+		.map(|suffix| PREFIX.to_owned() + suffix)
+		.collect()
+}
+
+fn get_pointer() -> Vec<String> {
+	const PREFIX: &str = "constructor";
+	let suffixes = [
+		".prototype.ppfuzz",
+		"[prototype][ppfuzz]"
+	];
+
+	suffixes
+		.iter()
+		.map(|suffix| PREFIX.to_owned() + suffix)
 		.collect()
 }
\ No newline at end of file