
What about POST method SSRF

Open z3dc0ps opened this issue 2 years ago • 1 comments

What about the POST method SSRF @Th0h0

z3dc0ps avatar Nov 21 '22 12:11 z3dc0ps

Hi, autoSSRF currently doesn't operate on POST requests. It's due to the fact that it was aimed to be used right after URL-collecting tools - like waybackurls or gau.

Supporting methods other than GET (PUT/POST for instance) would imply that either: (1) autoSSRF does its own HTML form crawling or JavaScript file parsing (for XHRs), or (2) autoSSRF accepts another type of input file, which would be a mix of URLs (GET) and serialized POST/PUT requests (including the HTTP method, the URL, body parameters, content type, and potentially other specific HTTP headers).

If you want to contribute to the tool and make a PR for this, I'd be very happy to merge it.

Otherwise, I might soon attempt to code the improvement.

Thanks for your comment :)

Th0h0 avatar Nov 25 '22 14:11 Th0h0