Giters

initstring / switcheroo

Universal LAN-based SSRF Attack Primitive

Home Page:https://initblog.com/2019/switcheroo/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

switcheroo

Overview

Switcheroo is a POC demonstrating a universal SSRF strategy for LAN-based attacks against vulnerable SSDP services. One such service happens to be included in default installations of Microsoft Windows.

You can read the full details in my blog here.

flowchart

Utilization

The tool should be run from a Linux host with vulnerable systems on the same network segment. It will listen for SSDP multicast discover requests, replying to them with fake device description URL. When the SSDP service on a vulnerable system accesses that URL, the tool will reply with an HTTP 301 redirect to an arbitrary URL that you provide with the -u option. This URL can be anything on any host (including localhost and protected networks).

You can tell switcheroo to reply only to a specific host by supplying the IP address of your target with -t. Or, run it "karma-mode" style with -t "*".

You also must provide the interface your attacking machine will host the HTTP redirect on. By default, it will bind to 8888 but you can change this with -p.

Full Help

usage: switcheroo.py [-h] -i INTERFACE [-p PORT] -u URL -t TARGET

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Network interface to listen on.
  -p PORT, --port PORT  Port for HTTP server. Defaults to 8888.
  -u URL, --url URL     Force target to perform a GET here
  -t TARGET, --target TARGET
                        Target victim. Enter an IP or "*"

About

Universal LAN-based SSRF Attack Primitive

https://initblog.com/2019/switcheroo/

License:GNU General Public License v3.0

Languages

Language:Python 100.0%