From 79a1e0d1f41cac5f8f7f124493422a0a9bf3659b Mon Sep 17 00:00:00 2001
From: jumbo
Date: Wed, 26 Jul 2023 15:48:29 +0800
Subject: [PATCH 1/2] add Blind SSRF with proxy param or url param
---
 other/Blind-SSRF-By-Collaborator.bcheck | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 other/Blind-SSRF-By-Collaborator.bcheck
diff --git a/other/Blind-SSRF-By-Collaborator.bcheck b/other/Blind-SSRF-By-Collaborator.bcheck
new file mode 100644
index 0000000..9edd824
--- /dev/null
+++ b/other/Blind-SSRF-By-Collaborator.bcheck
@@ -0,0 +1,23 @@
+metadata:
+ language: v1-beta
+ name: "Blind SSRF By Collaborator"
+ description: "Blind SSRF with proxy param or url param"
+ author: "Jumbo@chinabaiker.com"
+
+
+define:
+ proxy_ssrf = `http://{generate_collaborator_address()}/proxy`
+ url_ssrf = `https://{generate_collaborator_address()}/url`
+given request then
+ send request:
+ appending queries:
+ `proxy={proxy_ssrf}`,
+ `url={url_ssrf}`
+ if http interactions then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "The site request url params or proxy params, There may be ssrf vulnerabilities."
+ remediation: "Ensure that the site does not directly request URLs from the proxy param or url param."
+ end if
+
From 4e1ba7df6ef5ab0f0f7d3531e52c5d2ae0350327 Mon Sep 17 00:00:00 2001
From: jumbo
Date: Fri, 28 Jul 2023 14:23:39 +0800
Subject: [PATCH 2/2] FIX Blind SSRF with proxy param or url param
---
 other/Blind-SSRF-By-Collaborator.bcheck | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/other/Blind-SSRF-By-Collaborator.bcheck b/other/Blind-SSRF-By-Collaborator.bcheck
index 9edd824..b1e6ddf 100644
--- a/other/Blind-SSRF-By-Collaborator.bcheck
+++ b/other/Blind-SSRF-By-Collaborator.bcheck
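Review bot: The new check's only trigger is `if http interactions then`, so a target that resolves the Collaborator hostname but never completes the outbound request — egress filtering, or a certificate failure on the `https://` form used by `url_ssrf` — is reported as clean; a DNS-keyed branch at lower confidence would still surface those hosts, as sketched below. Because both payloads ride in one request, the report cannot say whether `proxy` or `url` was the sink even though the two definitions use distinct Collaborator paths; if the interaction check is scoped per `send request:` (worth confirming against the BCheck docs), splitting them into two steps with their own `if … end if` would let `detail:` name the parameter. The `detail:` text also reads as a fragment; something like `detail: "A Collaborator interaction was triggered by the URL supplied in the proxy or url query parameter, indicating blind SSRF."` states the evidence the finding rests on.
```bcheck
 if http interactions then
 report issue:
 # … unchanged: severity / confidence / detail / remediation …
 else if dns interactions then
 report issue:
 severity: medium
 confidence: tentative
 detail: "The application resolved the Collaborator hostname supplied in the proxy or url query parameter but no HTTP request followed; outbound fetching may be egress-filtered."
 remediation: "Ensure that the site does not directly request URLs from the proxy param or url param."
 end if
```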
@@ -4,14 +4,14 @@ metadata: description: "Blind SSRF with proxy param or url param" author: "Jumbo@chinabaiker.com" - define: proxy_ssrf = `http://{generate_collaborator_address()}/proxy` url_ssrf = `https://{generate_collaborator_address()}/url` + given request then send request: appending queries: - `proxy={proxy_ssrf}`, + `proxy={proxy_ssrf}`, `url={url_ssrf}` if http interactions then report issue: