Features
✔️ Tests every request for external interactions.
✔️ Checks whether each interaction comes from an IP other than the user's own; if it comes from the user's IP, it is an open redirect.
✔️ Alerts the user to any external interaction, with information such as
Scanning options
✔️ Supports both passive and active scanning.
Reference:
https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
Request variants used (burpcollab stands for the Collaborator host):

GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com

and

GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com

and

GET /some/endpoint HTTP/1.1
Host: example.com:80@burpcollab

and

GET /some/endpoint HTTP/1.1
Host: burpcollab

and

GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
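The five request shapes above are also useful on the defending side: a reverse proxy, WAF rule or log review can flag requests whose effective host is being steered away from the expected one. The following Python is an added example, not code from the plugin or this article; it parses raw requests (constructed samples, with `burpcollab` and `example.com` as placeholders) and names the indicator each one matches.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample requests mirroring the five probe shapes above
# plus one benign request; not captured traffic.
SAMPLE_REQUESTS = [
    "GET http://burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "GET @burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "GET /some/endpoint HTTP/1.1\r\nHost: example.com:80@burpcollab\r\n\r\n",
    "GET /some/endpoint HTTP/1.1\r\nHost: burpcollab\r\n\r\n",
    "GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\n"
    "X-Forwarded-Host: burpcollab\r\n\r\n",
    "GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",  # benign
]

def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (method, request-target, headers)."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def _hostname(value: str) -> str:
    # Drop any :port suffix and normalise case for comparison.
    return value.split(":", 1)[0].strip().lower()

def host_confusion_findings(raw: str, expected_host: str) -> List[str]:
    """Return indicator names for a request; an empty list means it looks clean."""
    _method, target, headers = parse_request(raw)
    findings: List[str] = []
    # Absolute-URI request line: a proxy may route on the URI, not the Host header.
    if re.match(r"^[A-Za-z][A-Za-z0-9+.\-]*://", target):
        findings.append("absolute-uri-request-target")
    # A leading '@' makes a URL parser treat the path as userinfo@host.
    elif target.startswith("@"):
        findings.append("userinfo-in-request-target")
    host = headers.get("host", "")
    if "@" in host:
        findings.append("userinfo-in-host-header")
    elif _hostname(host) != expected_host.lower():
        findings.append("unexpected-host-header")
    xfh = headers.get("x-forwarded-host")
    if xfh is not None and _hostname(xfh) != expected_host.lower():
        findings.append("unexpected-x-forwarded-host")
    return findings
```

Run over each sample with `expected_host="example.com"`; only the last request returns no findings.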
Project URL:
https://github.com/ethicalhackingplayground/ssrf-king#scanning-options
This article was first published on the WeChat official account Khan安全攻防实验室: Burp Automatic SSRF Plugin