SSRF King- Burp Suit Plugin To Automates SSRF Detection

SSRF Plugin Burp

SSRF plugin for burp that Automates SSRF Detection in all of the request.

If you are facing any problems or would like a new feature that is not listed below Please create a new issue below in this form

Upcoming Features Checklist

  • ✔️ It will soon have a user Interface to specifiy your own call back payload
  • It will soon be able to test Json & XML
  • Test for SMTP SSRF

How to Install/Build

  • git clone https://github.com/ethicalhackingplayground/ssrf-king
  • gradle build
  • Now the file “ssrf-king.jar” could be found under build/libs which can then be imported Burpsuite.
  • Alternatively, goto releases to download the compiled file.

Features

✔️ Test all of the request for any external interactions.
✔️ Checks to see if any interactions are not the users IP if it is, it’s an open redirect.
✔️ Alerts the user for any external interactions with information such as:

  • Endpoint Vulnerable
  • Host
  • Location Found

It also performs the following tests based on this research:

Reference:

Portswigger

GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
...
and
GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
...
and
GET /some/endpoint HTTP/1.1
Host: example.com:[email protected]
...
and

GET /some/endpoint HTTP/1.1
Host: burpcollab
...
and

GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
...

Scanning Options

  • ✔️ Supports Both Passive & Active Scanning.

Example

Load the website you want to test.

SSRF Testing Website
SSRF Testing Website

Add it as an inscope host in burp.

SSRF Testing In Burp
SSRF Testing In Burp

Load the plugin.

SSRF Testing In Burp load
SSRF Testing In Burp load

Keep note of the Burp Collab Payload.

SSRF Testing In Burp Collab
SSRF Testing In Burp Collab

Passively crawl the page, ssrf-king test everything in the request on the fly.

SSRF Testing In Burp Crawl
SSRF Testing In Burp Crawl

When it finds a vulnerabilitiy it logs the information and adds an alert.

SSRF Testing In Burp logs
SSRF Testing In Burp logs

From here onwards you would fuzz the parameter to test for SSRF.

SSRF Testing In Burp Fuzz
SSRF Testing In Burp Fuzz

Download SSRF plugin for burp Automates SSRF Detection

How To Use? Watch Video –

Also See: Server Side Request Forgery SSRF Types And Ways To Exploit it

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Total
9
Shares
Related Posts