Shulou(Shulou.com)06/01 Report--

This article focuses on "how to use SSRF-King to achieve automated SSRF detection in BurpSuite", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how to use SSRF-King to automate SSRF detection in BurpSuite".

SSRF-King

SSRF-King is a SSRF plug-in for BurpSuite. With the help of this tool, researchers are able to automate SSRF detection for all requests.

SSRF, that is, Server-side Request Forge server request forgery, refers to the loophole caused by the attack link constructed by the attacker and passed to the server for execution, which is generally used to detect or attack private network services in the external network.

Function introduction

Test requests for all external interactions.

Check to see if there are any interactions that do not originate from the user's IP, and if so, open redirection.

Remind the user of an unsafe request interaction

Scanning options support passive scanning and active scanning

In addition, the tool performs tests based on the following studies:

Reference: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface

GET http://burpcollab/some/endpoint HTTP/1.1Host: example.com...

Or

GET @ burpcollab/some/endpoint HTTP/1.1Host: example.com...

Or

GET / some/endpoint HTTP/1.1Host: example.com:80@burpcollab...

Or

GET / some/endpoint HTTP/1.1Host: burpcollab...

Or

GET / some/endpoint HTTP/1.1Host: example.comX-Forwarded-Host: burpcollab... Tool installation & build

The majority of researchers can use the following commands to clone the project source code locally and build the project:

Git clone https://github.com/ethicalhackingplayground/ssrf-kinggradle build

Now we will be able to find a file called "ssrf-king.jar" in the build/libs directory of the project, which we can then import into BurpSuite.

Alternatively, you can directly visit the [Releases] page of the project to download the precompiled files.

Sample use of tools

Load the web page that needs to be tested:

In BurpSuite, add the site to the host address range:

Load the feature plug-in SSRF-King:

Record Burp Collab Payload:

Passively crawl the content of the page, and SSRF-King will test everything in the request in real time:

When the tool plug-in finds a security vulnerability, it records the information in the log and adds a warning reminder:

In the following interface, we can perform a SSRF fuzzy test using parameters:

At this point, I believe you have a deeper understanding of "how to use SSRF-King to achieve automated SSRF detection in BurpSuite". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.