Breaking News



Bruteforcing on Hidden parameters to seek out SSRF vulnerability the use of GET and POST Strategies

NOTE

prepare

Steps :

Ngrok

requestbin.com

How am i able to use it .?

cat YOUR_LIST.txt | python3 lorsrf.py -t URL_TARGET -s YOUR_HOST -w wordlist.txt

Examples :

$ cat paramters.txt | python3 lorsrf.py -t http://serve as.com -s http://53252.ngrok.io
$ cat paramters.txt | python3 lorsrf.py -t http://serve as.com -s http://53252.ngrok.io --threads=50
$ cat paramters.txt | python3 lorsrf.py -t http://serve as.com -s http://53252.ngrok.io --timeout=4
$ cat paramters.txt | python3 lorsrf.py -t http://serve as.com -s http://53252.ngrok.io -c 'shopper=5&PHPSESSION=5232'
$ cat headers.txt
Cookie: take a look at=1
Auth: Basic TG9yU3JmCg==

$ cat parameters.txt | python3 lorsrf.py -f headers.txt -s 'http://myhost.com' -t 'http://ssrf.hack.com'

---------------------
GET /?parameter={YOUR_HOST} HTTP/1.1
Host: targer.com
Cookie: take a look at=1
Auth: Basic TG9yU3JmCg==

$ cat paramters.txt | python3 lorsrf.py -t http://serve as.com -s http://53252.ngrok.io -r

Testing

python3 lorsrf.py -t 'http://testphp.vulnweb.com/showimage.php' -s 'https://YOUR_HOST.com' -w parameters.txt




Leave a Reply

Your email address will not be published. Required fields are marked *

Donate Us

X