ssrf-king: Automates SSRF Detection in All Requests
ssrf-king
SSRF plugin for Burp that automates SSRF detection in all requests.
Upcoming Features Checklist
- ✔️ It will soon have a user interface to specify your own callback payload
- It will soon be able to test JSON & XML
Features
- ✔️ Test all of the requests for any external interactions.
- ✔️ Checks whether each interaction comes from an IP other than the user's; if it comes from the user's IP, it is an open redirect.
- ✔️ Alerts the user to any external interactions, with information such as:
  - Endpoint Vulnerable
  - Host
  - Location Found
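The source-IP comparison from the feature list, sketched as an added example (not the plugin's own code). The record shape, the `classify` and `triage` names and the sample addresses are assumptions; IPv4-mapped IPv6 addresses are unwrapped so a callback from the tester's own machine is not misread as SSRF.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interaction:
    # Constructed record shape (assumption): one callback seen by the listener.
    endpoint: str   # request that carried the callback payload
    host: str       # target host the request was sent to
    location: str   # where the payload was placed (header or parameter)
    client_ip: str  # source address of the callback


def _norm(ip):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(ip.strip())
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 objects have it
    return mapped if mapped is not None else addr


def classify(interaction, user_ips):
    """'open-redirect' if the callback came from the tester, else 'ssrf'."""
    own = {_norm(ip) for ip in user_ips}
    return "open-redirect" if _norm(interaction.client_ip) in own else "ssrf"


def triage(interactions, user_ips):
    """Build one alert per interaction with the fields the feature list names."""
    return [
        {
            "Endpoint Vulnerable": i.endpoint,
            "Host": i.host,
            "Location Found": i.location,
            "Finding": classify(i, user_ips),
        }
        for i in interactions
    ]


# Constructed sample data (documentation address ranges, reserved hostname).
USER_IPS = ["203.0.113.7"]
SAMPLE = [
    Interaction("/fetch?url=", "app.example", "url parameter", "198.51.100.20"),
    Interaction("/go?next=", "app.example", "next parameter", "::ffff:203.0.113.7"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE, USER_IPS):
        print(alert)
```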
It also performs the following tests based on this research.
Scanning Options
- ✔️ Supports Both Passive & Active Scanning.
Example
From here onwards you would fuzz the parameter to test for SSRF.
Demo
Download
Copyright (c) 2021 Krypt0mux