TProxer: Burp Suite extension to find reverse proxy path based SSRF

by do son ·

Burp Suite extension

TProxer

A Burp Suite extension was made to automate the process of finding reverse proxy path-based SSRF.

How it works

  • Attempts to gain access to internal APIs or files through a path-based SSRF attack. For instance https://www.example.com/api/v1/users we try the payload /..;/..;/..;/..;/  hoping for a 400 Bad Request:
  • Then the Algorithm tries to find the potential internal API root with: https://www.example.com/api/v1/users/..;/..;/..;/ hoping for a 404 Not Found
  • Then, we try to discover content, if anything is found it performs an additional test to see if it’s 100% internal and worth investigating.
  • Supports manual activation through a context menu.
  • Payloads are supplied by the user under a dedicated tab, default values are stored under query payloads.txt
  • You can also select your own wordlist
  • Issues are added under the Issue Activity tab.

Install

$ git clone https://github.com/ethicalhackingplayground/TProxer

  • Download Jython from:

https://www.jython.org/download.html

Make sure you use Jython 2.7.2

  • Load burp, Extender -> Options
  • Go to Python Environment -> Select file -> Select jython.jar
  • Go to Extensions -> Add -> TProx.py

Source: https://github.com/ethicalhackingplayground/

Copyright (c) 2021 Krypt0mux

Tags: Burp Suite extensionTProxer