generic_ssrf: Include vulnerable SSRF parameter in VULN description #2131

Merged
merged 4 commits into from
Jan 9, 2025


random-robbie

Notification shows parameter that triggered the SSRF
@liquidsec liquidsec changed the base branch from stable to dev January 6, 2025 20:36
@liquidsec
Collaborator

I can appreciate the need for this, but I am concerned that looking for such generic words in the response will cause a lot of false positives in terms of reported triggering parameters.

I think the right way to do this is probably to generate a subdomain tag for each item, and maintain a mapping of subdomain tag to parameters. This will require some refactoring.

@random-robbie
Author

I've yet to have a false positive on this so far. Found some weird endpoints that would take an HTML parameter and Slack would preview it.

Any FPs and I'll alert you, but so far this has worked well.

@liquidsec
Collaborator

liquidsec commented Jan 9, 2025

@random-robbie after revisiting this module, there are a lot of things I was no longer happy with and decided it needed a pretty major refactor. I started from your commit, and made it so any parameter used in an interactsh URL will get individually tracked across the life of the scan. This way, we will be able to identify the parameter just by associating the subdomain ID, regardless of whether the parameter appears in the response, and also ruling out any weird false positives.

GitHub will not let me change the from branch on a PR, so I had to create another one. You can find that here:

We figured out how :)

#2141

As such, I will close this PR

@liquidsec liquidsec closed this Jan 9, 2025
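
The subdomain-tag-to-parameter mapping discussed in this thread, as an added example (not code from this PR or from the project): each parameter gets its own tag, and a hostname seen by the callback server is resolved back to the parameter without inspecting the HTTP response. The class name, the `callback.example` domain and the tag length are assumptions made for illustration.

```python
import secrets


class ParamTagTracker:
    """Hypothetical tracker: unique subdomain tag <-> (url, parameter)."""

    def __init__(self, base_domain):
        # base_domain is a placeholder for the out-of-band callback domain
        self.base_domain = base_domain.lower().rstrip(".")
        self._by_tag = {}  # tag -> (url, parameter)
        self._by_key = {}  # (url, parameter) -> tag

    def host_for(self, url, parameter):
        """Return the callback hostname for this parameter, issuing a tag once."""
        key = (url, parameter)
        tag = self._by_key.get(key)
        if tag is None:
            tag = secrets.token_hex(4)
            while tag in self._by_tag:  # re-draw on the rare collision
                tag = secrets.token_hex(4)
            self._by_key[key] = tag
            self._by_tag[tag] = key
        return f"{tag}.{self.base_domain}"

    def resolve(self, observed_host):
        """Map a hostname seen by the callback server to (url, parameter).

        Returns None for the bare base domain, look-alike domains and
        unknown tags, so unrelated lookups are never attributed.
        """
        # Resolvers may randomise case or append a trailing dot
        host = observed_host.lower().rstrip(".")
        suffix = "." + self.base_domain
        if not host.endswith(suffix):
            return None
        # The tag is the label directly left of the base domain; extra
        # labels in front of it (e.g. "www.<tag>.<base>") are ignored.
        tag = host[: -len(suffix)].rsplit(".", 1)[-1]
        return self._by_tag.get(tag)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real scan
    tracker = ParamTagTracker("callback.example")
    host = tracker.host_for("https://app.example/fetch", "html")
    print(host, "->", tracker.resolve(host.upper() + "."))
```

Because the lookup key is the tag rather than a word in the response body, a parameter named `url` or `html` is reported only when its own hostname was actually requested.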
@TheTechromancer
Collaborator

Thanks @random-robbie, after @liquidsec's edits, this is approved. Congrats on your first contribution 🙏

@TheTechromancer TheTechromancer changed the title Update generic_ssrf.py generic_ssrf: Include vulnerable SSRF parameter in VULN description Jan 9, 2025
@liquidsec liquidsec merged commit 4a42f93 into blacklanternsecurity:dev Jan 9, 2025
15 checks passed