Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

What about POST method SSRF #1

Open
z3dc0ps opened this issue Nov 21, 2022 · 1 comment
Open

What about POST method SSRF #1

z3dc0ps opened this issue Nov 21, 2022 · 1 comment
Assignees
@Th0h0

Comments

@z3dc0ps
Copy link

z3dc0ps commented Nov 21, 2022

What about the POST method SSRF @Th0h0
@Th0h0
Copy link
Owner

Th0h0 commented Nov 25, 2022
edited
Loading

Hi, autoSSRF currently doesn't currently operate on POST requests.
It's due to the fact that It was aimed to be used right after URLs-collecting tools - like waybacksurls or gau.

Supporting other methods than GET (PUT/POST for instance) would either imply that:
(1) autoSSRF makes its own HTML Form crawling or javascript file parsing (for XHRs)
(2) autoSSRF accepts another type of input file, which would be a mix of URLs (GET) and serialized POST/PUT requests (including the HTTP method, the URL, body parameters, content type, and potential specific other HTTP headers).

If you want to contribute to the tool and make a PR for this, I'd be very happy to merge it.

Otherwise, I might soon attempt to code the improvement.

Thanks for your comment :)

@Th0h0 Th0h0 self-assigned this Nov 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Th0h0 Th0h0

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Th0h0 @z3dc0ps