{"id":13845473,"url":"https://github.com/ethicalhackingplayground/TProxer","last_synced_at":"2025-07-12T02:31:29.635Z","repository":{"id":37244851,"uuid":"430017290","full_name":"ethicalhackingplayground/TProxer","owner":"ethicalhackingplayground","description":"A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.","archived":false,"fork":false,"pushed_at":"2021-11-22T11:05:35.000Z","size":94,"stargazers_count":176,"open_issues_count":2,"forks_count":32,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-11-16T08:06:09.144Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ethicalhackingplayground.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-20T05:28:37.000Z","updated_at":"2024-10-28T19:52:09.000Z","dependencies_parsed_at":"2022-08-18T22:11:10.999Z","dependency_job_id":null,"html_url":"https://github.com/ethicalhackingplayground/TProxer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2FTProxer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2FTProxer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2FTProxer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2FTProxer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ethicalhackingpl
ayground","download_url":"https://codeload.github.com/ethicalhackingplayground/TProxer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784594,"owners_count":17523675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:03:25.455Z","updated_at":"2024-11-21T18:31:54.943Z","avatar_url":"https://github.com/ethicalhackingplayground.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003eTProxer\n  \u003cbr\u003e\n    \u003cimg src=\"https://media.istockphoto.com/vectors/spy-agent-detective-vector-id911660874?k=20\u0026m=911660874\u0026s=612x612\u0026w=0\u0026h=1zkZPaYJ1o8948xDc5ikQ2bKbyuPzsZQrZaKBnO55_4=\" width=\"200px\" alt=\"Erebus\"\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eA Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-blue.svg\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://docs.python.org/3/index.html\"\u003e\u003cimg src=\"https://img.shields.io/badge/python-3.6-blue.svg\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/ethicalhackingplayground/TProxer/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://twitter.com/z0idsec\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/z0idsec.svg?logo=twitter\"\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://discord.gg/MQWCem5b\"\u003e\u003cimg src=\"https://img.shields.io/discord/862900124740616192.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#how-it-works\"\u003eHow\u003c/a\u003e •\n  \u003ca href=\"#install\"\u003eInstall\u003c/a\u003e •\n  \u003ca href=\"#todo\"\u003eTodo\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/MQWCem5b\"\u003eJoin Discord\u003c/a\u003e \n\u003c/p\u003e\n\n---\n\n\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n    \u003cimg src=\"https://github.com/ethicalhackingplayground/TProxer/blob/main/static/demo.png\" width=\"500px\" alt=\"TProxer\"\u003e\n\u003c/h1\u003e\n\n### How it works\n\n- Attempts to gain access to internal APIs or files through a path-based SSRF attack.\n  For instance, for `https://www.example.com/api/v1/users` we try the payload `/..;/..;/..;/..;/`, hoping for a **400 Bad Request**.\n- Then the algorithm tries to find the potential internal API root with:\n  `https://www.example.com/api/v1/users/..;/..;/..;/`, hoping for a **404 Not Found**.\n- Then we try to discover content; if anything is found, it performs additional tests to see if it's 100% internal and worth investigating.\n- Supports manual activation through the context menu.\n- Payloads are supplied by the user under a dedicated tab; default values are stored under `query payloads.txt`.\n- You can also select your own wordlist.\n- Issues are added under the Issue Activity tab.\n\n---\n\n### Install\n\n```bash\n$ git clone https://github.com/ethicalhackingplayground/TProxer\n```\n\n- Download Jython from:\n\n[https://www.jython.org/download.html](https://www.jython.org/download.html)\n\n**Make sure you use Jython 2.7.2**\n\n- Load Burp, Extender -\u003e Options\n- Go to Python Environment -\u003e Select file -\u003e Select jython.jar\n- Go to Extensions -\u003e Add -\u003e TProx.py\n\n---\n\n### Todo\n\n- [ ] Make a better design\n- [ ] Add more customization.\n\n---\n\n### License\n\nTProxer is 
distributed under [MIT License](https://github.com/ethicalhackingplayground/TProxer/blob/main/LICENSE)\n\n\u003ch1 align=\"left\"\u003e\n  \u003ca href=\"https://discord.gg/MQWCem5b\"\u003e\u003cimg src=\"static/Join-Discord.png\" width=\"380\" alt=\"Join Discord\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethicalhackingplayground%2FTProxer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fethicalhackingplayground%2FTProxer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethicalhackingplayground%2FTProxer/lists"}