SSRF-King – SSRF Plugin For Burp Automates SSRF Detection In All Of The Request

ssrf king 11

SSRF plugin for burp that Automates SSRF Detection in all of the Request

Upcoming Features Checklist

  • It will soon have a user Interface to specifiy your own call back payload
  • It will soon be able to test Json & XML
  • Test for SMTP SSRF

How to Install/Build

  • git clone https://github.com/ethicalhackingplayground/ssrf-king
  • gradle build
  • Now the file “ssrf-king.jar” could be found under build/libs which can then be imported Burpsuite.
  • Alternatively, goto releases to download the compiled file.

Features

  • Test all of the request for any external interactions.
  • Checks to see if any interactions are not the users IP if it is, it’s an open redirect.
  • Alerts the user for any external interactions with information such as:
    • Endpoint Vulnerable
    • Host
    • Location Found

It also performs the following tests based on this research:

Reference:

https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface

GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

and

GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

and

GET /some/endpoint HTTP/1.1
Host: example.com:80@burpcollab
...

and

GET /some/endpoint HTTP/1.1
Host: burpcollab
...

and

GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
...

Scanning Options

  • Supports Both Passive & Active Scanning.

Example

  • Load the website you want to test.
ssrf king 4 ss 1

  • Add it as an inscope host in burp.
ssrf king 5 ss 2

  • Load the plugin.
ssrf king 6 ss 3

  • Keep note of the Burp Collab Payload.
ssrf king 7 ss 4

  • Passively crawl the page, ssrf-king test everything in the request on the fly.
ssrf king 8 ssf 5

  • When it finds a vulnerabilitiy it logs the information and adds an alert.
ssrf king 9 ssrf 6

From here onwards you would fuzz the parameter to test for SSRF.

ssrf king 10 ssrf 7

Video Demonstration

 

Download Ssrf-King

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source