From eb535defd55a8e7a6598ce9c09549124c65666c4 Mon Sep 17 00:00:00 2001
From: Sandeep Singh <sandeep@projectdiscovery.io>
Date: Sun, 12 Feb 2023 14:13:38 +0530
Subject: [PATCH] Added TLS SNI Proxy Detection (#6729)

---
 misconfiguration/tls-sni-proxy.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 misconfiguration/tls-sni-proxy.yaml

diff --git a/misconfiguration/tls-sni-proxy.yaml b/misconfiguration/tls-sni-proxy.yaml
new file mode 100644
index 0000000000..9d08e56c9d
--- /dev/null
+++ b/misconfiguration/tls-sni-proxy.yaml
@@ -0,0 +1,23 @@
+id: tls-sni-proxy
+
+info:
+  name: TLS SNI Proxy Detection
+  author: pdteam
+  severity: info
+  reference:
+    - https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
+    - https://www.bamsoftware.com/computers/sniproxy/
+  tags: ssrf,oast,tls,sni,proxy
+
+requests:
+  - raw:
+      - |
+        @tls-sni: interactsh-url
+        GET HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
\ No newline at end of file