ssrf-king

SSRF plugin for Burp that automates SSRF detection in all requests.

Upcoming Features Checklist

✔️ It will soon have a user interface to specify your own callback payload.
It will soon be able to test JSON & XML.

Features

✔️ Tests all of the requests for any external interactions.
✔️ Checks whether any interaction comes from an IP other than the user's; if it is the user's IP, it's an open redirect.
✔️ Alerts the user for any external interactions with information such as:
- Endpoint Vulnerable
- Host
- Location Found

It also performs the following tests based on this research.

Scanning Options

✔️ Supports both passive & active scanning.

Example

1. Load the website you want to test.
2. Load the plugin.
3. Keep note of the Burp Collab Payload.
4. Passively crawl the page; ssrf-king tests everything in the request on the fly.

SSRF Detection

When it finds a vulnerability, it logs the information and adds an alert. From here onwards you would fuzz the parameter to test for SSRF.

SSRF-King v1.12

I have released v1.12, which has a small UI design where you can specify your own callback payload.

Changes:
- Implemented checkbox for http:// and https://
- Plugin now uses JDK 14 code compliance 9, which should work with all versions; let me know if it doesn't.

Bug fixes:
- Fixed parameter testing.
- When it reported an X-Forwarded-Host, it came up as X-Forwarded-For.
- The test cases for the following are now fixed and work.