Add HTTP proxy support
parent
d8851aef1c
commit
bb368088f4
|
@ -67,6 +67,7 @@ $ python3 ssrfmap.py
|
||||||
--lport LPORT LPORT reverse shell
|
--lport LPORT LPORT reverse shell
|
||||||
--uagent USERAGENT User Agent to use
|
--uagent USERAGENT User Agent to use
|
||||||
--ssl [SSL] Use HTTPS without verification
|
--ssl [SSL] Use HTTPS without verification
|
||||||
|
--proxy PROXY Use HTTP(s) proxy (ex: http://localhost:8080)
|
||||||
--level [LEVEL] Level of test to perform (1-5, default: 1)
|
--level [LEVEL] Level of test to perform (1-5, default: 1)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ class Requester(object):
|
||||||
headers = {}
|
headers = {}
|
||||||
data = {}
|
data = {}
|
||||||
|
|
||||||
def __init__(self, path, uagent, ssl):
|
def __init__(self, path, uagent, ssl, proxies):
|
||||||
try:
|
try:
|
||||||
# Read file request
|
# Read file request
|
||||||
with open(path, 'r') as f:
|
with open(path, 'r') as f:
|
||||||
|
@ -45,6 +45,8 @@ class Requester(object):
|
||||||
# Handling HTTPS requests
|
# Handling HTTPS requests
|
||||||
if ssl == True:
|
if ssl == True:
|
||||||
self.protocol = "https"
|
self.protocol = "https"
|
||||||
|
|
||||||
|
self.proxies = proxies
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.warning("Bad Format or Raw data !")
|
logging.warning("Bad Format or Raw data !")
|
||||||
|
@ -88,7 +90,8 @@ class Requester(object):
|
||||||
json=data_injected,
|
json=data_injected,
|
||||||
timeout=timeout,
|
timeout=timeout,
|
||||||
stream=stream,
|
stream=stream,
|
||||||
verify=False
|
verify=False,
|
||||||
|
proxies=self.proxies
|
||||||
)
|
)
|
||||||
|
|
||||||
# Handle FORM data
|
# Handle FORM data
|
||||||
|
@ -99,7 +102,8 @@ class Requester(object):
|
||||||
data=data_injected,
|
data=data_injected,
|
||||||
timeout=timeout,
|
timeout=timeout,
|
||||||
stream=stream,
|
stream=stream,
|
||||||
verify=False
|
verify=False,
|
||||||
|
proxies=self.proxies
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
|
if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
|
||||||
|
@ -115,7 +119,8 @@ class Requester(object):
|
||||||
data=data_xml,
|
data=data_xml,
|
||||||
timeout=timeout,
|
timeout=timeout,
|
||||||
stream=stream,
|
stream=stream,
|
||||||
verify=False
|
verify=False,
|
||||||
|
proxies=self.proxies
|
||||||
)
|
)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
@ -134,7 +139,8 @@ class Requester(object):
|
||||||
headers=self.headers,
|
headers=self.headers,
|
||||||
timeout=timeout,
|
timeout=timeout,
|
||||||
stream=stream,
|
stream=stream,
|
||||||
verify=False
|
verify=False,
|
||||||
|
proxies=self.proxies
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error(e)
|
logging.error(e)
|
||||||
|
|
|
@ -24,8 +24,15 @@ class SSRF(object):
|
||||||
handler = self.handler.exploit(args.lport)
|
handler = self.handler.exploit(args.lport)
|
||||||
handler.start()
|
handler.start()
|
||||||
|
|
||||||
|
proxies = None
|
||||||
|
if args.proxy:
|
||||||
|
proxies = {
|
||||||
|
"http" : args.proxy,
|
||||||
|
"https" : args.proxy,
|
||||||
|
}
|
||||||
|
|
||||||
# Init a requester
|
# Init a requester
|
||||||
self.requester = Requester(args.reqfile, args.useragent, args.ssl)
|
self.requester = Requester(args.reqfile, args.useragent, args.ssl, proxies)
|
||||||
|
|
||||||
# NOTE: if args.param == None, target everything
|
# NOTE: if args.param == None, target everything
|
||||||
if args.param == None:
|
if args.param == None:
|
||||||
|
|
|
@ -34,6 +34,7 @@ def parse_args():
|
||||||
parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
|
parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
|
||||||
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
|
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
|
||||||
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
|
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
|
||||||
|
parser.add_argument('--proxy', action ='store', dest='proxy', help="Use HTTP(s) proxy (ex: http://localhost:8080)")
|
||||||
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
|
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
|
||||||
results = parser.parse_args()
|
results = parser.parse_args()
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue