seanrdev / cve-2023-27163

A tool to assist in enumerating the web server that sits behind a web server affected by the SSRF CVE-2023-27163.

Thank you to @beet1e (https://github.com/b33t1e) from Shanghai Jiao Tong University and @chenlibo147, @houqinsheng, 202037049@mail.sdu.edu.cn from Shandong University.

Please review https://notes.sjtu.edu.cn/s/MUUhEymt7# for in-depth information about the SSRF vulnerability (CVE-2023-27163).

This code is for enumerating the internal server using the SSRF in request-baskets.

If anything looks incorrect or any adjustments should be made, please feel free to inform me at seanrdev@gmail.com

Thanks.

Usage:

-w - Wordlist
-target - The target url with request basket api url to add baskets
-dynamic - The name of the link you'd like to create to view internal server.
-internal_target - The internal target url
-ms - Milliseconds

Ex: -w raft-test.txt -target "http://10.10.10.5:55555/api/baskets/" -dynamic "test" -internal_target "http://120.0.0.1/"

Stdout should look like:

Page Link: web

Content Length: 2394

Request to reach URL: http://10.10.10.5:55555/test48
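For defenders, the sample output above (basket `test48` created under the `-dynamic` name `test`) suggests a detectable pattern: one client creating many baskets that share a prefix and differ only by a trailing counter. The following is an added example, not part of this repository; the access-log format, the sample lines, the thresholds and the function name `find_basket_sweeps` are assumptions, and the prefix-plus-counter naming is inferred from the sample output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed reverse-proxy log format (not real traffic).
SAMPLE_LOG = """\
10.10.14.7 [12/Jul/2023:10:00:01 +0000] "POST /api/baskets/test0 HTTP/1.1" 201
10.10.14.7 [12/Jul/2023:10:00:01 +0000] "GET /test0 HTTP/1.1" 200
10.10.14.7 [12/Jul/2023:10:00:02 +0000] "POST /api/baskets/test1 HTTP/1.1" 201
10.10.14.7 [12/Jul/2023:10:00:03 +0000] "POST /api/baskets/test2 HTTP/1.1" 201
10.10.14.7 [12/Jul/2023:10:00:04 +0000] "POST /api/baskets/test3 HTTP/1.1" 201
192.168.1.20 [12/Jul/2023:09:00:00 +0000] "POST /api/baskets/build1 HTTP/1.1" 201
192.168.1.20 [12/Jul/2023:11:00:00 +0000] "POST /api/baskets/build2 HTTP/1.1" 201
192.168.1.20 [12/Jul/2023:13:00:00 +0000] "POST /api/baskets/build3 HTTP/1.1" 201
192.168.1.30 [12/Jul/2023:10:00:05 +0000] "POST /api/baskets/orders HTTP/1.1" 201
"""

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" \d{3}$')
# Basket-creation path whose name is <prefix><counter>, e.g. test48.
CREATE_RE = re.compile(r'^/api/baskets/([^/?]*?)(\d+)$')

def find_basket_sweeps(lines, min_baskets=3, window=timedelta(seconds=60)):
    """Flag clients that create many numbered baskets sharing one prefix in a short window."""
    events = defaultdict(list)  # (client, prefix) -> [(timestamp, counter)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "POST":
            continue
        c = CREATE_RE.match(m.group(4))
        if not c:
            continue  # basket name without a trailing counter
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        events[(m.group(1), c.group(1))].append((ts, int(c.group(2))))
    alerts = []
    for (client, prefix), hits in sorted(events.items()):
        hits.sort()
        start, best = 0, 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({n for _, n in hits[start:end + 1]}))
        if best >= min_baskets:
            alerts.append({"client": client, "prefix": prefix, "baskets": best})
    return alerts

if __name__ == "__main__":
    for alert in find_basket_sweeps(SAMPLE_LOG.splitlines()):
        print(alert)
```

The `build1`..`build3` lines are spread over hours and stay below the threshold inside any 60-second window, so only the rapid `test` sequence is reported.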

Languages

Language:Python 100.0%