ssrf_proxy icon indicating copy to clipboard operation
ssrf_proxy copied to clipboard

Published 20 hours ago verified publisher icon bcoles

Add support for HTTPS

Open bcoles opened this issue 7 years ago • 0 comments

The SSRF Proxy library for Ruby supports HTTPS requests, however the server is not a HTTPS proxy and does not support SSL/TLS tunneling.

I have a somewhat-working implementation, however it's lacking a few niceties and is not yet suitable for release. There's also some additional refactoring to be done as part of the changes.

SSL/TLS tunneling will be implemented in the next release: SSRF Proxy version 0.0.5.

In the interim, a temporary workaround exists.

When the --rules ssl option is specified, SSRF Proxy will change the URL scheme to https for all client requests. This effectively allows communications with third-party servers via SSRF using HTTPS. Note that changing the rules requires restarting the proxy.

bcoles avatar Dec 21 '17 15:12 bcoles