SSRF-King – SSRF Plugin For Burp Automates SSRF Detection In All Of The Request

SSRF plugin for burp that Automates SSRF Detection in all of the Request
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
System ram type: DDR4_sdram
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Upcoming Features Checklist
-
It will soon have a user Interface to specifiy your own call back payload
- It will soon be able to test Json & XML
- Test for SMTP SSRF
How to Install/Build
git clone https://github.com/ethicalhackingplayground/ssrf-king
gradle build
- Now the file “ssrf-king.jar” could be found under build/libs which can then be imported Burpsuite.
- Alternatively, goto releases to download the compiled file.
Features
-
Test all of the request for any external interactions.
-
Checks to see if any interactions are not the users IP if it is, it’s an open redirect.
-
Alerts the user for any external interactions with information such as:
- Endpoint Vulnerable
- Host
- Location Found
It also performs the following tests based on this research:
Reference:
https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
...
and
GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
...
and
GET /some/endpoint HTTP/1.1
Host: example.com:[email protected]
...
and
GET /some/endpoint HTTP/1.1
Host: burpcollab
...
and
GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
...
Scanning Options
-
Supports Both Passive & Active Scanning.
Example
- Load the website you want to test.

- Add it as an inscope host in burp.

- Load the plugin.

- Keep note of the Burp Collab Payload.

- Passively crawl the page, ssrf-king test everything in the request on the fly.

- When it finds a vulnerabilitiy it logs the information and adds an alert.

From here onwards you would fuzz the parameter to test for SSRF.
You may be interested in...

Video Demonstration
Download Ssrf-King
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.