Skip to content
/ SSRF2gopher Public

Gopher protocol is used a lot when exploiting SSRF. This script generates a gopher payload what can be user to submit data to a webform.

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eMVee-NL/SSRF2gopher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
SSRF2gopher.py
SSRF2gopher.py
 
 

Repository files navigation

SSRF2gopher

Gopher protocol is used a lot when exploiting SSRF. This script generates a gopher payload what can be used to submit data to a webform. A Server-side Request Forgery (SSRF) vulnerability occurs when an attacker manipulates a server-side application into making HTTP requests to a domain of their choice, even internal applications can be a target.

image

Currently this script genererates only a payload for the POST method and it is not final yet.

Usage

It's pretty simple to generate a payload, just start the script.

python3 SSRF2gopher.py

Enter the following details:

  • Host, example localhost
  • Port number on target (host) for gopher, example 80
  • Endpoint (path), example /api/user/create/
  • Data what should be submitted something like, example username=Hacker&password=Password1234&[email protected]

The 'double' encoded payload can be usedto attack via the browser. (This worked for me while testing locally)

About

Gopher protocol is used a lot when exploiting SSRF. This script generates a gopher payload what can be user to submit data to a webform.

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages