SSRF plugin for burp that Automates SSRF Detection in all of the Request
Upcoming Features Checklist
- It will soon have a user Interface to specifiy your own call back payload
- It will soon be able to test Json & XML
- Test for SMTP SSRF
How to Install/Build
git clone https://github.com/ethicalhackingplayground/ssrf-king
- Now the file "ssrf-king.jar" could be found under build/libs which can then be imported Burpsuite.
- Alternatively, goto releases to download the compiled file.
- Test all of the request for any external interactions.
- Checks to see if any interactions are not the users IP if it is, it's an open redirect.
- Alerts the user for any external interactions with information such as:
- Endpoint Vulnerable
- Location Found
It also performs the following tests based on this research:
GET http://burpcollab/some/endpoint HTTP/1.1Host: example.com...
GET @burpcollab/some/endpoint HTTP/1.1Host: example.com...
GET /some/endpoint HTTP/1.1Host: example.com:[email protected]...
GET /some/endpoint HTTP/1.1Host: burpcollab...
GET /some/endpoint HTTP/1.1Host: example.comX-Forwarded-Host: burpcollab...
- Supports Both Passive & Active Scanning.
- Load the website you want to test.
- Add it as an inscope host in burp.
- Load the plugin.
- Keep note of the Burp Collab Payload.
- Passively crawl the page, ssrf-king test everything in the request on the fly.
- When it finds a vulnerabilitiy it logs the information and adds an alert.
From here onwards you would fuzz the parameter to test for SSRF.