Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ethicalhackingplayground/TProxer
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
- Host: GitHub
- URL: https://github.com/ethicalhackingplayground/TProxer
- Owner: ethicalhackingplayground
- License: mit
- Created: 2021-11-20T05:28:37.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2021-11-22T11:05:35.000Z (about 3 years ago)
- Last Synced: 2024-11-16T08:06:09.144Z (2 months ago)
- Language: Python
- Size: 91.8 KB
- Stars: 176
- Watchers: 4
- Forks: 32
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - ethicalhackingplayground/TProxer - A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. (Python)
README
TProxer
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
### How it works
- Attempts to gain access to internal APIs or files through a path-based SSRF attack.
  For instance, on `https://www.example.com/api/v1/users` we try the payload `/..;/..;/..;/..;/`, hoping for a **400 Bad Request**.
- Then the algorithm tries to find the potential internal API root with
  `https://www.example.com/api/v1/users/..;/..;/..;/`, hoping for a **404 Not Found**.
- Then we try to discover content; if anything is found, it performs additional tests to see whether it is 100% internal and worth investigating.
- Supports manual activation through the context menu.
- Payloads are supplied by the user under a dedicated tab; default values are stored in `query payloads.txt`.
- You can also select your own wordlist.
- Issues are added under the Issue Activity tab.

---
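As an added detection-side example (not part of TProxer or its README), the following Python scans constructed reverse-proxy access log lines for the `..;` path-parameter traversal pattern described above, reconstructs the path a servlet-style backend would actually route, and groups each client's probes so the 400, then 404, then content-discovery sequence stands out to a defender. The log lines, client addresses and the `/internal/status` path are invented sample data.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample of reverse-proxy access log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Nov/2021:05:28:37 +0000] "GET /api/v1/users/..;/..;/..;/..;/ HTTP/1.1" 400 11 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Nov/2021:05:28:38 +0000] "GET /api/v1/users/..;/..;/..;/ HTTP/1.1" 404 19 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Nov/2021:05:28:39 +0000] "GET /api/v1/users/..;/..;/..;/internal/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Nov/2021:05:30:00 +0000] "GET /api/v1/users HTTP/1.1" 200 812 "-" "curl/7.79"
198.51.100.4 - - [20/Nov/2021:05:30:01 +0000] "GET /api/v1/users/%2e%2e%3b/%2e%2e%3b/ HTTP/1.1" 400 11 "-" "curl/7.79"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) \S+" (?P<status>\d{3})')

def normalize_path(raw_path):
    """Return (path as the backend routes it, escapes_root): percent-decode, drop ';param'
    from each segment as a servlet container does, resolve '.'/'..'; climbing above the
    root is what TProxer's first probe expects to turn into a 400."""
    path = unquote(raw_path.split("?", 1)[0])
    stack, escapes_root = [], False
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]  # '..;' becomes '..' here, but not in the proxy
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            else:
                escapes_root = True
            continue
        stack.append(seg)
    return "/" + "/".join(stack), escapes_root

def is_param_traversal(raw_path):
    """True if some segment is '..' hidden behind a path parameter, e.g. '..;'."""
    return any(s.split(";", 1)[0] == ".." and ";" in s
               for s in unquote(raw_path).split("/"))

def find_probing_clients(log_text):
    """Group param-traversal requests per client so the 400 -> 404 -> content sequence stands out."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_param_traversal(m["path"]):
            continue
        backend_path, escapes_root = normalize_path(m["path"])
        findings[m["ip"]].append({"status": int(m["status"]), "raw_path": m["path"],
                                  "backend_path": backend_path, "escapes_root": escapes_root})
    return dict(findings)
```

The proxy forwards `..;` segments uncollapsed, so only the reconstructed `backend_path` shows where each request really landed; a client whose first hit has `escapes_root` set and is followed by a `/` root probe matches the sequence the extension automates.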
### Install
```bash
$ git clone https://github.com/ethicalhackingplayground/TProxer
```
- Download Jython from [https://www.jython.org/download.html](https://www.jython.org/download.html).
  **Make sure you use Jython 2.7.2**
- Load Burp, then go to Extender -> Options.
- Go to Python Environment -> Select file -> Select jython.jar.
- Go to Extensions -> Add -> TProx.py.

---
### Todo
- [ ] Make a better design
- [ ] Add more customization

---
### License
TProxer is distributed under the [MIT License](https://github.com/ethicalhackingplayground/TProxer/blob/main/LICENSE).