bcoles / Ssrf_proxy
Licence: mit
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
Stars: ✭ 297
Programming Languages
ruby
36898 projects - #4 most used programming language
Projects that are alternatives of or similar to Ssrf proxy
Proxy Manager Bridge
Provides integration for ProxyManager with various Symfony components.
Stars: ✭ 274 (-7.74%)
Mutual labels: proxy
Cloudbunny
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Stars: ✭ 273 (-8.08%)
Mutual labels: proxy
Spring Cloud Gateway
A Gateway built on Spring Framework 5.x and Spring Boot 2.x providing routing and more.
Stars: ✭ 3,305 (+1012.79%)
Mutual labels: proxy
Socks5
A full-fledged high-performance socks5 proxy server written in C#. Plugin support included.
Stars: ✭ 286 (-3.7%)
Mutual labels: proxy
Infini Gateway
INFINI-GATEWAY(极限网关), a high performance and lightweight gateway written in golang, for elasticsearch and his friends.
Stars: ✭ 272 (-8.42%)
Mutual labels: proxy
React Magic
A collection of magic animations for react components.
Stars: ✭ 264 (-11.11%)
Mutual labels: magic
Httptunnel
Bidirectional data stream tunnelled in HTTP requests.
Stars: ✭ 279 (-6.06%)
Mutual labels: proxy
Kubetap
Kubectl plugin to interactively proxy Kubernetes Services with ease
Stars: ✭ 297 (+0%)
Mutual labels: proxy
Openlane
OpenLANE is an automated RTL to GDSII flow based on several components including OpenROAD, Yosys, Magic, Netgen, Fault and custom methodology scripts for design exploration and optimization.
Stars: ✭ 293 (-1.35%)
Mutual labels: magic
SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
| Version |
|
|---|---|
| Github | https://github.com/bcoles/ssrf_proxy |
| Wiki | https://github.com/bcoles/ssrf_proxy/wiki |
| Documentation | http://www.rubydoc.info/github/bcoles/ssrf_proxy |
| Author | Brendan Coles |
| Copyright | 2015-2017 Brendan Coles |
| License |
|
Requirements
Ruby 2.2.2 or newer.
Ruby Gems:
- celluloid-io
- webrick
- logger
- colorize
- ipaddress
- base32
- htmlentities
- socksify
- mimemagic
Installation
$ gem install ssrf_proxy
Usage (command line)
Usage: ssrf-proxy [options] -u <SSRF URL>
Example: ssrf-proxy -u http://target/?url=xxURLxx
Options:
-h, --help Help
--version Display version
Output options:
-v, --verbose Verbose output
-d, --debug Debugging output
--no-color Disable colored output
Server options:
-p, --port=PORT Listen port (Default: 8081)
--interface=IP Listen interface (Default: 127.0.0.1)
SSRF request options:
-u, --url=URL Target URL vulnerable to SSRF.
-f, --file=FILE Load HTTP request from a file.
--placeholder=STR Placeholder indicating SSRF insertion point.
(Default: xxURLxx)
--method=METHOD HTTP method (GET/HEAD/DELETE/POST/PUT/OPTIONS)
(Default: GET)
--post-data=DATA HTTP post data
--cookie=COOKIE HTTP cookies (separated by ';')
--user=USER[:PASS] HTTP basic authentication credentials.
--user-agent=AGENT HTTP user-agent (Default: none)
--rules=RULES Rules for parsing client request
(separated by ',') (Default: none)
--no-urlencode Do not URL encode client request
SSRF connection options:
--ssl Connect using SSL/TLS.
--proxy=PROXY Use a proxy to connect to the server.
(Supported proxies: http, https, socks)
--insecure Skip server SSL certificate validation.
--timeout=SECONDS Connection timeout in seconds (Default: 10)
HTTP response modification:
--match=REGEX Regex to match response body content.
(Default: \A(.*)\z)
--strip=HEADERS Headers to remove from the response.
(separated by ',') (Default: none)
--decode-html Decode HTML entities in response body.
--unescape Unescape special characters in response body.
--guess-status Replaces response status code and message
headers (determined by common strings in the
response body, such as 404 Not Found.)
--guess-mime Replaces response content-type header with the
appropriate mime type (determined by the file
extension of the requested resource.)
--sniff-mime Replaces response content-type header with the
appropriate mime type (determined by magic bytes
in the response body.)
--timeout-ok Replaces timeout HTTP status code 504 with 200.
--detect-headers Replaces response headers if response headers
are identified in the response body.
--fail-no-content Return HTTP status 502 if the response body
is empty.
--cors Adds a 'Access-Control-Allow-Origin: *' header.
Client request modification:
--forward-method Forward client request method.
--forward-headers Forward all client request headers.
--forward-body Forward client request body.
--forward-cookies Forward client request cookies.
--cookies-to-uri Add client request cookies to URI query string.
--body-to-uri Add client request body to URI query string.
--auth-to-uri Use client request basic authentication
credentials in request URI.
--ip-encoding=MODE Encode client request host IP address.
(Modes: int, ipv6, oct, hex, dotted_hex)
--cache-buster Append a random value to the client request
query string.
Usage (ruby)
Load the ssrf_proxy library:
require 'ssrf_proxy'
Initialize the SSRFProxy::HTTP object:
# Initialize with a URL containing 'xxURLxx' placeholder
ssrf = SSRFProxy::HTTP.new(url: 'http://example.local/?url=xxURLxx')
# Or, provide the placeholder elsewhere in the request
ssrf = SSRFProxy::HTTP.new(url: 'http://example.local/', method: 'POST', post_data: 'xxURLxx')
# Alternatively, the object can be initialized
# with a file containing a raw HTTP request:
ssrf = SSRFProxy::HTTP.new(file: 'ssrf.txt')
# Or, initialized with a StringIO object containing a raw HTTP request:
http = StringIO.new("GET http://example.local/?url=xxURLxx HTTP/1.1\n\n")
ssrf = SSRFProxy::HTTP.new(file: http)
Refer to the documentation for additional configuration options.
Once initialized, the SSRFProxy::HTTP object can be used to send HTTP
requests via the SSRF using the send_uri and send_request methods.
# GET via SSRF
ssrf.send_uri('http://127.0.0.1/')
# POST via SSRF
ssrf.send_uri('http://127.0.0.1/', method: 'POST', headers: {}, body: '')
# GET via SSRF (using a raw HTTP request)
ssrf.send_request("GET http://127.0.0.1/ HTTP/1.1\n\n")
Refer to the documentation for additional request options.
Documentation
Refer to the wiki for more information and example usage: https://github.com/bcoles/ssrf_proxy/wiki
Refer to RubyDoc for code documentation: http://www.rubydoc.info/github/bcoles/ssrf_proxy
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].