Burp ×Ô¶¯SSRF²å¼þ

ÌØÕ÷

• ?? ²âÊÔËùÓÐÇëÇóÊÇ·ñ´æÔÚÈκÎÍⲿ½»»¥¡£
• ?? Checks to see if any interactions are not the users IP if it is, it's an open redirect.
• ?? Alerts the user for any external interactions with information such as

ɨÃèÑ¡Ïî

• ?? Ö§³Ö±»¶¯ºÍÖ÷¶¯É¨Ãè¡£

²Î¿¼£º

https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface

GET http£º// burpcollab / some / endpoint HTTP / 1.1
Ö÷»ú£º example.com 

and

GET @ burpcollab / some / endpoint HTTP / 1.1
Ö÷»ú£º example.com 

and

GET / some / endpoint HTTP / 1.1
Ö÷»ú£º example.com : 80@burpcollab 

and

GET / some / endpoint HTTP / 1.1
Ö÷»ú£º burpcollab 

and

GET / some / endpoint HTTP / 1.1
Ö÷»ú£º example.com 
X-Forwarded-Host£º burpcollab 

ÏîÄ¿µØÖ·£º

https://github.com/ethicalhackingplayground/ssrf-king#scanning-options