id: tls-sni-proxy info: name: TLS SNI Proxy Detection author: pdteam severity: info reference: - https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/ - https://www.bamsoftware.com/computers/sniproxy/ tags: ssrf,oast,tls,sni,proxy metadata: max-request: 1 http: - raw: - | @tls-sni: interactsh-url GET HTTP/1.1 Host: {{Hostname}} matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns"