SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
Usage (command line):
Github
⬇️ Download
🔓
#Ruby #Proxy #SSRF
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
gem install ssrf_proxy
Usage (command line):
ssrf-proxy [options] -u <SSRF URL>
ssrf-proxy -u https://target/?url=xxURLxx
Github
⬇️ Download
🔓
BugCod3#Ruby #Proxy #SSRF
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
❤2⚡1🔥1