ethicalhackingplayground / ssrf-king

SSRF plugin for Burp. Automates SSRF detection in all of the requests.
MIT License

[Enhancement] #2

Closed 0xspade closed 3 years ago

0xspade commented 3 years ago

Should also check for:

GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

or

GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

or

GET /some/endpoint HTTP/1.1
Host: example.com:80@burpcollab
...

or changing the host header

GET /some/endpoint HTTP/1.1
Host: burpcollab
...

or overriding the sites

GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
...

Reference:

https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
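
The request shapes listed in the comment above, seen from the receiving side: a check a front end or log pipeline could run to flag each routing inconsistency in a raw request. This is an added example, not part of the issue thread or the ssrf-king code; `ALLOWED_HOSTS`, the function names, the finding labels and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com"}  # assumption: hostnames this front end serves

def parse_request(raw):
    """Return (method, request-target, lower-cased header dict)."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return method, target, headers

def host_only(value):
    """Drop an optional :port and lower-case (bracketed IPv6 not handled)."""
    return value.rsplit(":", 1)[0].lower() if ":" in value else value.lower()

def routing_findings(raw):
    """List the routing inconsistencies found in one raw HTTP request."""
    method, target, headers = parse_request(raw)
    host = headers.get("host", "")
    findings = []
    if target.lower().startswith(("http://", "https://")):
        # Absolute-form target: its authority must agree with the Host header.
        if (urlsplit(target).hostname or "") != host_only(host):
            findings.append("absolute-uri-host-mismatch")
    elif not target.startswith("/") and target != "*" and method != "CONNECT":
        findings.append("malformed-request-target")
    if "@" in host:
        # Userinfo is not valid in Host; parsers disagree on which side wins.
        findings.append("userinfo-in-host")
    elif host_only(host) not in ALLOWED_HOSTS:
        findings.append("unexpected-host")
    xfh = headers.get("x-forwarded-host")
    if xfh is not None and host_only(xfh) not in ALLOWED_HOSTS:
        findings.append("forwarded-host-override")
    return findings

# Constructed sample requests mirroring the five variants in the comment.
SAMPLES = {
    "absolute": "GET http://burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "at_target": "GET @burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "at_host": "GET /some/endpoint HTTP/1.1\r\nHost: example.com:80@burpcollab\r\n\r\n",
    "host": "GET /some/endpoint HTTP/1.1\r\nHost: burpcollab\r\n\r\n",
    "xfh": "GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-Host: burpcollab\r\n\r\n",
    "clean": "GET /some/endpoint?u=http://a HTTP/1.1\r\nHost: example.com:80\r\n\r\n",
}
```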

ethicalhackingplayground commented 3 years ago

Thanks so much for this enhancement. :) I will get these implemented as soon as possible.

0xspade commented 3 years ago

Yep, read albinowax's presentation first so that you have an idea. Good thing you created this Burp extension. I always wanted to make one but don't know how. :)

ethicalhackingplayground commented 3 years ago

Thanks so much. I've seen the presentation; there are some cool tricks I might have in mind.

0xspade commented 3 years ago

Yeah yeah... looking forward to the updates :)

ethicalhackingplayground commented 3 years ago

@0xspade Hey man, I've implemented the features you asked for.

I'm going to close this issue for now. If you find anything wrong with the new features, please let me know.

Regards, Blake.