Test Servers

Brendan Coles edited this page Dec 24, 2017 · 1 revision

SSRF Proxy includes test HTTP servers vulnerable to SSRF. These servers are used by the integration test suites.

The SSRFProxy::HTTP and SSRFProxy::Server integration tests contain configuration examples for exploiting these vulnerabilities with SSRF Proxy.

WEBrick Server

./test/common/http_server.rb

Several SSRF vulnerabilities are exposed:

  • /net_http
  • /net_http_blind
  • /openuri
  • /curl
  • /curl_proxy
  • /typhoeus

PHP Server

php -S 127.0.0.1:8087 -t ./test/common/php/

The readfile.php file is vulnerable to SSRF: the url parameter is passed to PHP's readfile() function.
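
An SSRF-vulnerable handler such as readfile.php fetches the URL it is given without checking where it points. The Ruby sketch below is an added example, not code from SSRF Proxy or its test suite, showing the destination check such a handler lacks; the helper name check_fetch_target, the blocked range list and the sample URLs are assumptions constructed for illustration.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

# Ranges a server-side fetch should not reach on a caller's behalf
# (loopback, RFC 1918, CGNAT, link-local/metadata, IPv6 local). Assumed list.
BLOCKED_NETS = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Hypothetical helper. Returns [true, [addresses]] or [false, reason].
# `resolver` is injectable so the check can be exercised without DNS.
def check_fetch_target(raw_url, resolver: ->(h) { Resolv.getaddresses(h) })
  uri = URI.parse(raw_url.to_s)
  return [false, 'scheme not allowed'] unless %w[http https].include?(uri.scheme.to_s.downcase)
  return [false, 'userinfo not allowed'] if uri.userinfo

  host = uri.hostname.to_s # brackets around IPv6 literals are stripped
  return [false, 'missing host'] if host.empty?

  addrs = begin
    [IPAddr.new(host)]                            # host is an IP literal
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) } # host is a name
  end
  return [false, 'host does not resolve'] if addrs.empty?

  addrs.each do |ip|
    ip = ip.native # unwrap IPv4-mapped IPv6 such as ::ffff:127.0.0.1
    return [false, "blocked address #{ip}"] if BLOCKED_NETS.any? { |n| n.include?(ip) }
  end
  [true, addrs.map(&:to_s)]
rescue URI::InvalidURIError, IPAddr::Error
  [false, 'unparseable URL or address']
end

# Constructed sample inputs; 203.0.113.0/24 is a documentation range.
if __FILE__ == $PROGRAM_NAME
  public_dns = ->(_host) { ['203.0.113.10'] }
  ['http://127.0.0.1:8087/', 'file:///etc/passwd', 'http://169.254.169.254/'].each do |u|
    p [u, check_fetch_target(u)]
  end
  p check_fetch_target('http://files.example.test/a.txt', resolver: public_dns)
end
```

A fetcher that uses this check should connect to the addresses it returns instead of resolving the name a second time, so the check and the request cannot see different DNS answers.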