Locked ssrf-king: Automates SSRF Detection in all of the Request

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

ssrf-king

SSRF plugin for burp that Automates SSRF Detection in all of the Request

Upcoming Features Checklist

    ✔️ It will soon have a user Interface to specify your own call back payload
    It will soon be able to test Json & XML

Features

    ✔️ Test all of the requests for any external interactions.
    ✔️ Checks to see if any interactions are not the user’s IP if it is, it’s an open redirect.
    ✔️ Alerts the user for any external interactions with information such as:
        Endpoint Vulnerable
        Host
        Location Found

It also performs the following tests based on this research.

Scanning Options

    ✔️ Supports Both Passive & Active Scanning.

Example

    Load the website you want to test.

    Load the plugin.

    Keep note of the Burp Collab Payload.

    Passively crawl the page, ssrf-king test everything in the request on the fly.SSRF Detection

    When it finds a vulnerability it logs the information and adds an alert.

    From here onwards you would fuzz the parameter to test for SSRF.

SSRF-King v1.12

I have released v1.12 that has a small UI Design where you can specify your own call-back payload.

Changes:

    Implemented checkbox for http:// and https://
    Plugin now uses JDK 14 code compliance 9 which should work with all versions, let me know if it doesn't

Bug fixes:

    Fixed parameter testing.

    When it reported a X-Forwarded-Host it came up as X-Forwarded-For

    The test cases for the following are now fixed and work.

This is the hidden content, please

• Sign In
• or
• Sign Up