search

PortSwigger / url-cheatsheet-data

This is the data that powers the PortSwigger URL validation bypass cheat sheet.
https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
30 stars 4 forks source link

IPv6 Collaborator Payload #14

Closed e1abrador closed 2 weeks ago

e1abrador commented 1 month ago

Hi,

On my extension "Encode IP" on BurpSuite I did include a payload that has the following format:

http://[::ffff:3f8:21fc]/3rvmzpc3u02vqekmmstu49s6exkn8c

[::ffff:3f8:21fc] -> IPv6 format of collaborator domain 3rvmzpc3u02vqekmmstu49s6exkn8c Collaborator Payload

It would be great if a new user input is added on the cheat sheet, which could be IPv6. By this way, the user would just need to include his collaborator payload and then, the payload would be generated.

A default option for the user input (as there's one for Allowed domain name and Attacker domain name) would be to introduce automatically the IPv6 IP of the used collaborator ([::ffff:3f8:21fc]), so the payload would be auto-generated when the user introduce the IPv6 IP address.

d0ge commented 1 month ago

Hello @e1abrador Thank you very much for your contribution to the URL Validation Bypass Cheat Sheet. The new IPv4 IPv6 encodings were added to the cheat sheet. May I ask you to send me your handle on X.com (formerly Twitter.com)? Alternatively, I can use a link to your profile on GitHub if that’s more convenient for you.