SSRF-King – SSRF Plugin For Burp Automates SSRF Detection In All Of The Request


An SSRF plugin for Burp that automates SSRF detection in all of the request.

Upcoming Features Checklist

  • It will soon have a user interface to specify your own callback payload
  • It will soon be able to test JSON & XML
  • Test for SMTP SSRF

How to Install/Build

  • git clone
  • gradle build
  • The file “ssrf-king.jar” can now be found under build/libs and can then be imported into Burp Suite.
  • Alternatively, go to releases to download the compiled file.


  • Tests all of the request for any external interactions.
  • Checks whether each interaction comes from an IP other than the user's; if it comes from the user's IP, it's an open redirect.
  • Alerts the user for any external interactions with information such as:
    • Endpoint Vulnerable
    • Host
    • Location Found

It also performs the following tests based on this research:


GET http://burpcollab/some/endpoint HTTP/1.1


GET @burpcollab/some/endpoint HTTP/1.1


GET /some/endpoint HTTP/1.1
Host:[email protected]


GET /some/endpoint HTTP/1.1
Host: burpcollab


GET /some/endpoint HTTP/1.1
X-Forwarded-Host: burpcollab
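
An added example (not part of SSRF-King or the original post): a server-side check in Python that flags the request shapes listed above, so a defender can confirm that a front end rejects them before they reach routing or URL-building code. SERVED, collab.example.test (a stand-in for "burpcollab") and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

SERVED = {"shop.example.test"}   # assumption: names this server answers for
CB = "collab.example.test"       # constructed stand-in for the page's "burpcollab"

def _hostname(authority):
    """Host part of 'user@host:port', lowercased; '' if unparseable."""
    try:
        return (urlsplit("//" + authority).hostname or "").lower()
    except ValueError:           # e.g. unbalanced IPv6 brackets
        return ""

def check_request(raw, served=SERVED):
    """Return a list of findings for one raw HTTP/1.1 request head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    if "://" in target:
        # absolute-form target: the named host must be one we serve
        if _hostname(target.split("://", 1)[1]) not in served:
            findings.append("target:foreign-host")
    elif not target.startswith("/") and target != "*":
        # origin-form must start with "/"; "@host/path" does not
        findings.append("target:malformed")
    for name in ("host", "x-forwarded-host"):
        for value in headers.get(name, []):
            if "@" in value:     # userinfo has no place in these headers
                findings.append(name + ":userinfo")
            if _hostname(value) not in served:
                findings.append(name + ":foreign-host")
    return findings

def _req(target, **hdrs):
    """Build a constructed request; X_Forwarded_Host becomes X-Forwarded-Host."""
    head = [f"GET {target} HTTP/1.1"]
    head += [f"{k.replace('_', '-')}: {v}" for k, v in hdrs.items()]
    return "\r\n".join(head) + "\r\n\r\n"

SAMPLES = {  # constructed: one normal request, then one per shape above
    "normal": _req("/some/endpoint", Host="shop.example.test"),
    "absolute": _req(f"http://{CB}/some/endpoint", Host="shop.example.test"),
    "at-target": _req(f"@{CB}/some/endpoint", Host="shop.example.test"),
    "host-userinfo": _req("/some/endpoint", Host=f"shop.example.test@{CB}"),
    "host-swap": _req("/some/endpoint", Host=CB),
    "xfh": _req("/some/endpoint", Host="shop.example.test", X_Forwarded_Host=CB),
}
```

If a trusted reverse proxy legitimately sets X-Forwarded-Host, run the check at that proxy (or on what it receives) rather than behind it.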

Scanning Options

  • Supports Both Passive & Active Scanning.


  • Load the website you want to test.

  • Add it as an in-scope host in Burp.

  • Load the plugin.

  • Keep note of the Burp Collaborator payload.

  • Passively crawl the page; ssrf-king tests everything in the request on the fly.

  • When it finds a vulnerability, it logs the information and adds an alert.

From here onwards you would fuzz the parameter to test for SSRF.

