SSRF Sheriff : Server Side Request Forgery

SSRF Sheriff is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to.

Features

  • Repsond to any HTTP method (GET, POST, PUT, DELETE, etc.)
  • Configurable secret token (see base.example.yaml)
  • Content-specific responses
    • With secret token in response body
      • JSON
      • XML
      • HTML
      • CSV
      • TXT
    • Without token in response body
      • GIF
      • PNG
      • JPEG
      • MP3
      • MP4

Also Read – SharpRDP : RDP Application For Authenticated Command Execution

Usage

go get github.com/teknogeek/ssrf-sheriff
cd $GOPATH/src/github.com/teknogeek/ssrf-sheriff
cp config/base.example.yaml config/base.yaml

#… configure …

go run main.go

Example Requests

Plaintext

$ curl -sSD- http://127.0.0.1:8000/foobar
HTTP/1.1 200 OK
Content-Type: text/plain
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:36 GMT
Content-Length: 21

SUP3R_S3cret_1337_K3y

XML

$ curl -sSD- http://127.0.0.1:8000/foobar.xml
HTTP/1.1 200 OK
Content-Type: application/xml
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:41 GMT
Content-Length: 81

<SerializableResponse><token>SUP3R_S3cret_1337_K3y</token></SerializableResponse>

TODO

  • Dynamically generate valid responses with the secret token visible for
    • GIF
    • PNG
    • JPEG
    • MP3
    • MP4
  • Secrets in HTTP response generated/created/signed per-request, instead of returning a single secret for all requests
  • TLS support

Credit: Frans Rosén

R K

Recent Posts

Wez’s Terminal : A Rust-Powered GPU-Accelerated Terminal Emulator

A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust Getting…

12 hours ago

AutorizePro : Revolutionizing Authorization Testing With AI

一句话介绍工具: AutorizePro 是一款创新性的内置AI分析模块的专注于越权检测的 Burp 插件 (已有多个白帽反馈用工具嘎嘎挖到src洞, 每周末更新, 欢迎Star🌟以便持续跟踪项目最新版本功能) 工具背景 越权漏洞在黑盒测试、SRC挖掘中几乎是必测的一项,但手工逐个测试越权漏洞往往会耗费大量时间。 而自动化工具又因为接口的多样化,难以制定一个全面的检测逻辑而存在大量误报, 基于此产生了 AI辅助分析的检测工具 ➡️ AutorizePro…

13 hours ago

SharpRDPHijack : A .NET Utility For RDP Session Hijacking

Sharp RDP Hijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility. RDP…

13 hours ago

SharpExecute : Advanced Techniques For Stealth .NET Execution And CLR Manipulation

Executing .NET Files from an Unmanaged Process with Manual CLR Loading. Manually loading the CLR…

14 hours ago

BlackPill : A Comprehensive Overview Of A Stealthy Linux Rootkit

Dive into the dark intricacies of BlackPill, a sophisticated Linux rootkit engineered in Rust that…

2 days ago

RustScan : Revolutionizing Port Scanning With Speed And Extensibility

The Modern, Blazing Fast Port Scanner. Find ports quickly (3 seconds at its fastest). Run…

2 days ago