{"id":13845213,"url":"https://github.com/iamultra/ssrfsocks","last_synced_at":"2025-07-12T01:32:00.099Z","repository":{"id":4217327,"uuid":"5338717","full_name":"iamultra/ssrfsocks","owner":"iamultra","description":"Creates a SOCK proxy server that transmits data over an SSRF vulnerability","archived":false,"fork":false,"pushed_at":"2012-08-08T17:55:50.000Z","size":166,"stargazers_count":115,"open_issues_count":0,"forks_count":32,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-21T18:39:07.096Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iamultra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-08-08T07:52:12.000Z","updated_at":"2024-08-12T19:21:20.000Z","dependencies_parsed_at":"2022-08-08T05:00:03.874Z","dependency_job_id":null,"html_url":"https://github.com/iamultra/ssrfsocks","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/iamultra/ssrfsocks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamultra%2Fssrfsocks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamultra%2Fssrfsocks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamultra%2Fssrfsocks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamultra%2Fssrfsocks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iamultra","download_url":"https://codeload.github.com/iamultra/ssrfsocks/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamultra%2Fssrfsocks/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923075,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:03:16.411Z","updated_at":"2025-07-12T01:31:59.767Z","avatar_url":"https://github.com/iamultra.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"ssrfsocks: SOCKS-based SSRF tunneling proxy\n\n  ssrfsocks utilizes an existing Server-Side Request Forgercy vulnerability to\n  tunnel traffic through it. This code acts as a SOCKS4 proxy server, and\n  relays traffic through the SSRF vuln and returns the result. This concept is\n  based on the Blackhat 2012 presentation by Polyakov \u0026 Chastukhin on SSRF and\n  XXE tunneling.\n\nLimitations:\n\n  Due to the nature of SSRF vulnerabilities, only one response is made from a\n  request. This means that it is not possible to run an interactive session. We\n  can however send single-shot messages to internal services. This means it's \n  possible to, for example, send an email via SMTP, and grab the banner of most\n  services. This will tend to be most useful with simple protocols like SMTP \n  and HTTP, and ineffective with protocols such as SSH and TLS.\n\nExample:\n\n    $ ./ssrfproxy \"http://victim.com/openurl?url=\"\n    listener ready on port 65432\n\n    $ echo -e \"HELO localhost\\nMAIL FROM:root@victim.com\\nRCPT TO: root@ultramegaman.com\\nDATA\\nSubject: test\\n\\nthis is a test\\n.\\nQUIT\\n\" \\\n      | proxychains nc 127.0.0.1 25\n\n  In the above scenario, it's necessary to configure proxychains.conf:\n  \n    [ProxyList]\n    socks4 127.0.0.1 65432\n\nTesting:\n\n  Currently, the SOCKS4A code is untested, as proxychains doesn't seem to\n  support it. I found limited success with running nmap over this proxy, as \n  nmap reports closed ports as open, and some open ports as closed.\n  \n  This script was tested against a vulnerable app that passed a user-controlled\n  value to code that treated the value as a URI, fetched it, and returned the\n  result. It's likely not usable against XXE vulnerabilities without some\n  modification.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamultra%2Fssrfsocks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiamultra%2Fssrfsocks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamultra%2Fssrfsocks/lists"}