ssrf-king: Automates SSRF Detection in all of the Request
ssrf-king
SSRF plugin for burp that Automates SSRF Detection in all of the Request
Upcoming Features Checklist
- ✔️ It will soon have a user Interface to specify your own call back payload
- It will soon be able to test Json & XML
Features
- ✔️ Test all of the requests for any external interactions.
- ✔️ Checks to see if any interactions are not the user’s IP if it is, it’s an open redirect.
- ✔️ Alerts the user for any external interactions with information such as:
- Endpoint Vulnerable
- Host
- Location Found
It also performs the following tests based on this research.
Scanning Options
- ✔️ Supports Both Passive & Active Scanning.
Example
- Load the website you want to test.
- Add it as an inscope host in burp.
- Load the plugin.
- Keep note of the Burp Collab Payload.
- Passively crawl the page, ssrf-king test everything in the request on the fly.
- When it finds a vulnerability it logs the information and adds an alert.
From here onwards you would fuzz the parameter to test for SSRF.
Demo
Download
Copyright (c) 2021 Krypt0mux
