ssrf_proxy 0.0.2 → 0.0.3

checksums.yaml ADDED
@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ OWNjNWNkNjA2ZjI0NjQ4MWNkMzhhMTM2ZWIxZDQzNTFiMjg1ZmNhZg==
5
+ data.tar.gz: !binary |-
6
+ MThiZTIzYzZjOGZlMDMzNzdhZjFiYWEzNGMyZDVlNjBhYTM5MTVhYg==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ YTY0N2I2YWFhNjUzODYyODQzN2QyOTliMjZlN2Y1YjJmYzQ4ZTZhNjQxNmNh
10
+ MGM2Y2RiZThmY2I5YzBlOTE4Nzk2ZWU5YTI1YzViOGNhMTE4YjUzMjYwOTc5
11
+ NjVmOGVjYTJhYThmYjZkZDYxNmIzYzk5N2I2NTVhMzhiZDcxMjA=
12
+ data.tar.gz: !binary |-
13
+ NWY4ZjI4NTllZTViYzZlYzZmNDhjNzMzYzgxNjY1YjU1OWUyNzcwMmM3OWFi
14
+ N2FjZGU4ZTc2OGUxOWVlYWNlMjlmY2I1ZmI4YzBlMjZkZThlZjkxMzIwYTli
15
+ ZWU4YzIxYzI4MDAyNGFjYmNiOWFhNDIxZTJjYTE4YjlmN2NjMGE=
data/LICENSE.md ADDED
@@ -0,0 +1,22 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2015-2016 Brendan Coles <bcoles@gmail.com>
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
22
+
data/README.md ADDED
@@ -0,0 +1,222 @@
1
+ # SSRF Proxy
2
+
3
+ <a href="https://github.com/bcoles/ssrf_proxy" target="_blank">
4
+ <img src="https://img.shields.io/badge/version-0.0.3-brightgreen.svg"/>
5
+ </a>
6
+ <a href="https://travis-ci.org/bcoles-ci/ssrf_proxy" target="_blank">
7
+ <img src="https://api.travis-ci.org/bcoles-ci/ssrf_proxy.svg?branch=master"/>
8
+ </a>
9
+ <a href="https://www.versioneye.com/ruby/ssrf_proxy/" target="_blank">
10
+ <img src="https://img.shields.io/versioneye/d/ruby/ssrf_proxy.svg"/>
11
+ </a>
12
+ <a href="https://hakiri.io/github/bcoles-ci/ssrf_proxy/master/" target="_blank">
13
+ <img src="https://hakiri.io/github/bcoles-ci/ssrf_proxy/master.svg"/>
14
+ </a>
15
+ <a href="https://codeclimate.com/github/bcoles/ssrf_proxy" target="_blank">
16
+ <img src="https://codeclimate.com/github/bcoles/ssrf_proxy/badges/gpa.svg"/>
17
+ </a>
18
+ <a href="https://coveralls.io/github/bcoles-ci/ssrf_proxy?branch=master" target="_blank">
19
+ <img src="https://coveralls.io/repos/github/bcoles-ci/ssrf_proxy/badge.svg?branch=master"/>
20
+ </a>
21
+ <a href="https://inch-ci.org/github/bcoles/ssrf_proxy" target="_blank">
22
+ <img src="https://inch-ci.org/github/bcoles/ssrf_proxy.svg?branch=master"/>
23
+ </a>
24
+ <a href="https://github.com/bcoles/ssrf_proxy/blob/master/LICENSE.md" target="_blank">
25
+ <img src="https://img.shields.io/badge/license-MIT-brightgreen.svg"/>
26
+ </a>
27
+
28
+ **SSRF Proxy** is a multi-threaded HTTP proxy server designed
29
+ to tunnel client HTTP traffic through HTTP servers vulnerable
30
+ to HTTP Server-Side Request Forgery (SSRF).
31
+
32
+ Once configured, SSRF Proxy attempts to format client HTTP
33
+ requests appropriately for the vulnerable server. Likewise,
34
+ the server's response is parsed and formatted for the client.
35
+
36
+ By correctly formatting the client request and stripping
37
+ unwanted junk from the response it is possible to use
38
+ SSRF Proxy as a HTTP proxy for web browsers and scanning
39
+ tools such as sqlmap and nikto.
40
+
41
+ SSRF Proxy also assists with leveraging blind SSRF
42
+ vulnerabilities to perform time-based attacks, such
43
+ as blind time-based SQL injection with sqlmap.
44
+
45
+ <table>
46
+ <tr>
47
+ <th>Version</th>
48
+ <td>0.0.3</td>
49
+ </tr>
50
+ <tr>
51
+ <th>Github</th>
52
+ <td>
53
+ <a href="https://github.com/bcoles/ssrf_proxy">https://github.com/bcoles/ssrf_proxy</a>
54
+ </td>
55
+ </tr>
56
+ <tr>
57
+ <th>Wiki</th>
58
+ <td><a href="https://github.com/bcoles/ssrf_proxy/wiki">https://github.com/bcoles/ssrf_proxy/wiki</a></td>
59
+ </tr>
60
+ <tr>
61
+ <th>Documentation</th>
62
+ <td>
63
+ <a href="http://www.rubydoc.info/github/bcoles/ssrf_proxy" target="_blank">http://www.rubydoc.info/github/bcoles/ssrf_proxy</a>
64
+ </td>
65
+ </tr>
66
+ <tr>
67
+ <th>Author</th>
68
+ <td>Brendan Coles</td>
69
+ </tr>
70
+ <tr>
71
+ <th>Copyright</th>
72
+ <td>2015-2016 Brendan Coles</td>
73
+ </tr>
74
+ <tr>
75
+ <th>License</th>
76
+ <td>MIT - (see <a href="https://github.com/bcoles/ssrf_proxy/blob/master/LICENSE.md">LICENSE.md</a> file)</td>
77
+ </tr>
78
+ </table>
79
+
80
+
81
+ ## Requirements
82
+
83
+ Ruby 1.9.3 or newer
84
+
85
+ Ruby Gems:
86
+
87
+ - celluloid-io
88
+ - webrick
89
+ - logger
90
+ - colorize
91
+ - ipaddress
92
+ - base32
93
+ - htmlentities
94
+ - socksify
95
+
96
+ ## Installation
97
+
98
+ ```
99
+ $ gem install ssrf_proxy
100
+ ```
101
+
102
+ ## Usage (command line)
103
+
104
+ ```
105
+ Usage: ssrf-proxy [options] -u <SSRF URL>
106
+ Example: ssrf-proxy -u http://target/?url=xxURLxx
107
+ Options:
108
+
109
+ -h, --help Help
110
+ -v, --verbose Verbose output
111
+ -d, --debug Debugging output
112
+
113
+ Server options:
114
+ -p, --port=PORT Listen port (Default: 8081)
115
+ --interface=IP Listen interface (Default: 127.0.0.1)
116
+
117
+ SSRF request options:
118
+ -u, --url=URL SSRF URL with 'xxURLxx' placeholder
119
+ --method=METHOD HTTP method (GET/HEAD/DELETE/POST/PUT)
120
+ (Default: GET)
121
+ --post-data=DATA HTTP post data
122
+ --cookie=COOKIE HTTP cookies (separated by ';')
123
+ --user-agent=AGENT HTTP user-agent (Default: Mozilla/5.0)
124
+ --rules=RULES Rules for parsing client request for xxURLxx
125
+ (separated by ',') (Default: none)
126
+
127
+ SSRF connection options:
128
+ --proxy=PROXY Use a proxy to connect to the server.
129
+ (Supported proxies: http, https, socks)
130
+ --insecure Skip server SSL certificate validation.
131
+ --timeout=SECONDS Connection timeout in seconds (Default: 10)
132
+
133
+ HTTP response modification:
134
+ --match=REGEX Regex to match response body content.
135
+ (Default: \A(.*)\z)
136
+ --strip=HEADERS Headers to remove from the response.
137
+ (separated by ',') (Default: none)
138
+ --decode-html Decode HTML entities in response body.
139
+ --guess-status Replaces response status code and message
140
+ headers (determined by common strings in the
141
+ response body, such as 404 Not Found.)
142
+ --guess-mime Replaces response content-type header with the
143
+ appropriate mime type (determined by the file
144
+ extension of the requested resource.)
145
+ --ask-password Prompt for password on authentication failure.
146
+ Adds a 'WWW-Authenticate' HTTP header to the
147
+ response if the response code is 401.
148
+
149
+ Client request modification:
150
+ --forward-cookies Forward client HTTP cookies through proxy to
151
+ SSRF server.
152
+ --cookies-to-uri Add client request cookies to URI query.
153
+ --body-to-uri Add client request body to URI query.
154
+ --auth-to-uri Use client request basic authentication
155
+ credentials in request URI.
156
+ --ip-encoding=MODE Encode client request host IP address.
157
+ (Modes: int, ipv6, oct, hex, dotted_hex)
158
+
159
+
160
+ ```
161
+
162
+
163
+ ## Usage (ruby)
164
+
165
+ First, create a new SSRFProxy::HTTP object:
166
+
167
+ ```
168
+ # SSRF URL with 'xxURLxx' placeholder
169
+ url = 'http://example.local/index.php?url=xxURLxx'
170
+ # options
171
+ opts = {
172
+ 'proxy' => '',
173
+ 'method' => 'GET',
174
+ 'post_data' => '',
175
+ 'rules' => '',
176
+ 'ip_encoding' => '',
177
+ 'match' => "\\A(.+)\\z",
178
+ 'strip' => '',
179
+ 'decode_html' => false,
180
+ 'guess_mime' => false,
181
+ 'guess_status' => false,
182
+ 'ask_password' => false,
183
+ 'forward_cookies'=> false,
184
+ 'body_to_uri' => false,
185
+ 'auth_to_uri' => false,
186
+ 'cookies_to_uri' => false,
187
+ 'cookie' => '',
188
+ 'timeout' => 10,
189
+ 'user_agent' => 'Mozilla/5.0',
190
+ 'insecure' => false
191
+ }
192
+ # create SSRFProxy::HTTP object
193
+ ssrf = SSRFProxy::HTTP.new(url, opts)
194
+ # set log level (optional)
195
+ ssrf.logger.level = Logger::DEBUG
196
+ ```
197
+
198
+ Then send HTTP requests via the SSRF:
199
+
200
+ ```
201
+ # fetch http://127.0.0.1/ via SSRF by String
202
+ uri = 'http://127.0.0.1/'
203
+ ssrf.send_uri(uri)
204
+
205
+
206
+ # fetch http://127.0.0.1/ via SSRF by URI
207
+ uri = URI.parse('http://127.0.0.1/')
208
+ ssrf.send_uri(uri)
209
+
210
+
211
+ # fetch http://127.0.0.1/ via SSRF using a raw HTTP request
212
+ http = "GET http://127.0.0.1/ HTTP/1.1\n\n"
213
+ ssrf.send_request(http)
214
+ ```
215
+
216
+ ## Documentation
217
+
218
+ Refer to the wiki for more information and example usage:
219
+ https://github.com/bcoles/ssrf_proxy/wiki
220
+
221
+ Refer to RubyDoc for code documentation:
222
+ http://www.rubydoc.info/github/bcoles/ssrf_proxy
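Review bot: the `--match` default documented in the CLI help at README line 135, `\A(.*)\z`, does not agree with the value shown in the Ruby options example at line 177, `"\\A(.+)\\z"`; the first can match an empty response body and the second cannot. State which one the library actually defaults to and use it in both places. The Ruby example also starts at `SSRFProxy::HTTP.new(url, opts)` with no `require 'ssrf_proxy'` line, and it uses `Logger::DEBUG` and `URI.parse` without showing how those are loaded, so add the require at the top of the first snippet so that it runs as pasted.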
data/bin/console ADDED
@@ -0,0 +1,24 @@
1
+ #!/usr/bin/env ruby
2
+ #
3
+ # Copyright (c) 2015-2016 Brendan Coles <bcoles@gmail.com>
4
+ # SSRF Proxy - https://github.com/bcoles/ssrf_proxy
5
+ # See the file 'LICENSE.md' for copying permission
6
+ #
7
+
8
+ require 'irb'
9
+ require 'irb/completion'
10
+
11
+ begin
12
+ puts "\n_________________________________________________________\n"
13
+ puts SSRFProxy::BANNER
14
+ puts "\n SSRF Proxy v#{SSRFProxy::VERSION}"
15
+ puts " https://github.com/bcoles/ssrf_proxy\n"
16
+ puts "\n_________________________________________________________\n\n"
17
+
18
+ puts "SSRFProxy[#{SSRFProxy::VERSION}], " \
19
+ "Ruby[#{RUBY_VERSION}], " \
20
+ "Platform[#{RUBY_PLATFORM}]"
21
+ rescue => e
22
+ puts "Error: Could not load SSRFProxy: #{e.message}"
23
+ end
24
+ IRB.start
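Review bot: bin/console requires only `irb` and `irb/completion` (lines 8-9), so nothing visible in this file loads the library before `SSRFProxy::BANNER` is referenced at line 13. Unless the gem is preloaded some other way, that reference raises NameError, the `rescue => e` branch prints "Error: Could not load SSRFProxy", and IRB still starts at line 24 without the library available. Add `require 'ssrf_proxy'` inside the `begin` block, and rescue LoadError explicitly, since a bare `rescue => e` only catches StandardError and a failed require would otherwise abort the script.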
data/bin/setup ADDED
@@ -0,0 +1,6 @@
1
+ #!/bin/bash
2
+
3
+ set -euo pipefail
4
+ IFS=$'\n\t'
5
+
6
+ bundle install