A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

Overview

TProxer
Erebus

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

HowInstallTodoJoin Discord



TProxer

How it works

  • Attempts to gain access to internal APIs or files through a path based SSRF attack. For instance https://www.example.com/api/v1/users we try the payload /..;/..;/..;/..;/ hoping for a 400 Bad Request:
  • Then the Algorithm tries to find the potential internal API root with: https://www.example.com/api/v1/users/..;/..;/..;/ hoping for a 404 Not Found
  • Then, we try to discover content, if anything is found it performs additional test to see if it's 100% internal and worth investigating.
  • Supports manual activation through context menu.
  • Payloads are supplied by the user under dedicated tab, default values are stored under query payloads.txt
  • You can also select your own wordlist
  • Issues are added under the Issue Activity tab.

Install

$ git clone https://github.com/ethicalhackingplayground/TProxer
  • Download Jython from:

https://www.jython.org/download.html

  • Load burp, Extender -> Options
  • Go to Python Environment -> Select file -> Select jython.jar
  • Go to Extensions -> Add -> TProx.py

Todo

  • Make a better design
  • Add more customization.

License

TProxer is distributed under MIT License

Join Discord

You might also like...
ProxyLogon Pre-Auth SSRF To Arbitrary File Write

ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\python proxylogon.py mail.evil.corp [email protected] At

exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url

SSRF search vulnerabilities exploitation extended.
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Some Attacks of Exchange SSRF ProxyLogon&ProxyShell
Some Attacks of Exchange SSRF ProxyLogon&ProxyShell

Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1

This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

AIL LeakFeeder: A Module for AIL Framework that automates the process to feed leaked files automatically to AIL, So basically this feeder will help you ingest AIL with your leaked files automatically.

IPscan - This Script is Framework To automate IP process large scope For Bug Hunting
IPscan - This Script is Framework To automate IP process large scope For Bug Hunting

IPscan This Script is Framework To automate IP process large scope For Bug Hunti

Comments
  • Error with python import.

    Error with python import.

    Traceback (most recent call last):
      File "/Users/rwiggins/tools/TProxer/TProx.py", line 4, in <module>
        from javax.swing import JPanel, JButton, JTable, table, JLabel, JScrollPane, JTextField, GroupLayout, LayoutStyle, JFrame
    ImportError: cannot import name table
    
    	at org.python.core.Py.ImportError(Py.java:328)
    	at org.python.core.imp.importFromAs(imp.java:1168)
    	at org.python.core.imp.importFrom(imp.java:1132)
    	at org.python.pycode._pyx5.f$0(/Users/rwiggins/tools/TProxer/TProx.py:378)
    	at org.python.pycode._pyx5.call_function(/Users/rwiggins/tools/TProxer/TProx.py)
    	at org.python.core.PyTableCode.call(PyTableCode.java:167)
    	at org.python.core.PyCode.call(PyCode.java:18)
    	at org.python.core.Py.runCode(Py.java:1386)
    	at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
    	at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
    	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
    	at burp.c8o.<init>(Unknown Source)
    	at burp.ba0.a(Unknown Source)
    	at burp.ctj.lambda$panelLoaded$0(Unknown Source)
    	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
    	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
    	at java.base/java.lang.Thread.run(Thread.java:831)
    
    
    opened by random-robbie 1
  • TProx inserts '\r' character after each fragment of traversal payload

    TProx inserts '\r' character after each fragment of traversal payload

    TProx extension inserts '\r' character after each fragment of traversal payload. See example request below

    image

    The result is the target server responses with HTTP/400 to every request issued by TProx

    opened by MMquant 1
Owner
Krypt0mux
I'm an ethical hacker researcher and love to help people learn about computer security.
Krypt0mux
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

null 7 Dec 7, 2022
Mert Güvençli 142 Jan 5, 2023
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

null 52 Dec 16, 2022
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

Paolo 'VoidSec' Stagno 199 Jan 4, 2023
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

The Hacker's Choice 58 Nov 15, 2022