diff --git a/README.md b/README.md
index 011e91d..8b9a489 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ $ python3 ssrfmap.py
 --lport LPORT LPORT reverse shell
 --uagent USERAGENT User Agent to use
 --ssl [SSL] Use HTTPS without verification
+ --proxy PROXY Use HTTP(s) proxy (ex: http://localhost:8080)
 --level [LEVEL] Level of test to perform (1-5, default: 1)
 ```
diff --git a/core/requester.py b/core/requester.py
index 9f07afa..c26c1b7 100644
--- a/core/requester.py
+++ b/core/requester.py
@@ -12,7 +12,7 @@ class Requester(object):
 headers = {}
 data = {}
- def __init__(self, path, uagent, ssl):
+ def __init__(self, path, uagent, ssl, proxies):
 try:
 # Read file request
 with open(path, 'r') as f:
@@ -45,6 +45,8 @@ class Requester(object):
 # Handling HTTPS requests
 if ssl == True:
 self.protocol = "https"
+
+ self.proxies = proxies
 except Exception as e:
 logging.warning("Bad Format or Raw data !")
@@ -88,7 +90,8 @@ class Requester(object):
 json=data_injected,
 timeout=timeout,
 stream=stream,
- verify=False
+ verify=False,
+ proxies=self.proxies
 )
 # Handle FORM data
@@ -99,7 +102,8 @@ class Requester(object):
 data=data_injected,
 timeout=timeout,
 stream=stream,
- verify=False
+ verify=False,
+ proxies=self.proxies
 )
 else:
 if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
@@ -115,7 +119,8 @@ class Requester(object):
 data=data_xml,
 timeout=timeout,
 stream=stream,
- verify=False
+ verify=False,
+ proxies=self.proxies
 )
 else:
@@ -134,7 +139,8 @@ class Requester(object):
 headers=self.headers,
 timeout=timeout,
 stream=stream,
- verify=False
+ verify=False,
+ proxies=self.proxies
 )
 except Exception as e:
 logging.error(e)
diff --git a/core/ssrf.py b/core/ssrf.py
index 735b8ac..7a0040b 100644
--- a/core/ssrf.py
+++ b/core/ssrf.py
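Review bot: In core/requester.py, `self.proxies = proxies` is added as the last statement inside the constructor's `try` (hunk at -45), so if reading or parsing the request file raises, the `except` branch only logs a warning and the attribute is never created. The diff adds no class-level default next to `headers = {}` and `data = {}`, so each of the four `proxies=self.proxies` call sites in the later hunks would then fail with AttributeError, which the request method's own `except Exception` merely logs. Assigning the attribute before the `try` avoids this. The new positional argument in the hunk at -12 is also mandatory; `def __init__(self, path, uagent, ssl, proxies=None):` would keep any other code that constructs `Requester` working. The constructor body extends beyond both hunks, so this reading is limited to the visible lines.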
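Review bot: The four request calls in core/requester.py (hunks at -88, -99, -115 and -134) now each repeat `verify=False, proxies=self.proxies` next to `timeout` and `stream`, which makes it easy for one branch to drift from the others on the next change. Building the shared arguments once at the top of the method, `common = dict(timeout=timeout, stream=stream, verify=False, proxies=self.proxies)`, and passing `**common` to each call keeps the transport settings in one place. A short comment there should say that certificate verification is disabled on every branch, so responses are not authenticated whether or not a proxy is in use, and that when `proxies` is None `requests` still honours the proxy environment variables. The method starts and ends outside these hunks.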
@@ -24,8 +24,15 @@ class SSRF(object):
 handler = self.handler.exploit(args.lport)
 handler.start()
+ proxies = None
+ if args.proxy:
+ proxies = {
+ "http" : args.proxy,
+ "https" : args.proxy,
+ }
+
 # Init a requester
- self.requester = Requester(args.reqfile, args.useragent, args.ssl)
+ self.requester = Requester(args.reqfile, args.useragent, args.ssl, proxies)
 # NOTE: if args.param == None, target everything
 if args.param == None:
diff --git a/ssrfmap.py b/ssrfmap.py
index 49cf3fb..852acf4 100644
--- a/ssrfmap.py
+++ b/ssrfmap.py
@@ -34,6 +34,7 @@ def parse_args():
 parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
 parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
 parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
+ parser.add_argument('--proxy', action ='store', dest='proxy', help="Use HTTP(s) proxy (ex: http://localhost:8080)")
 parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
 results = parser.parse_args()
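Review bot: In core/ssrf.py, `args.proxy` is copied into both the `"http"` and `"https"` entries without any check, so a mistyped value is only discovered at the first request, where the requester's `except Exception` just logs the error (visible at the end of the core/requester.py changes); during a run that can read as the target not answering. Failing fast before the dict is built is cheap: `parts = urlsplit(args.proxy)` followed by `if parts.scheme not in ("http", "https") or not parts.hostname: raise ValueError("invalid --proxy URL")`, with `from urllib.parse import urlsplit` at the top of the file; widen the tuple if other proxy schemes are meant to be accepted. The same check could instead sit in `parse_args` in ssrfmap.py, right after the new `--proxy` argument is parsed. The enclosing method starts and ends outside the hunk.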