FAQ
Frequently asked questions:
- Is SSRF via XXE supported?
- Is request smuggling supported?
- Are HTTP persistent connections / HTTP Keep-Alive / Connection: keep-alive supported?
- Is HTTP CONNECT tunneling supported?
- Is proxychains supported?
- Is SSL Tunneling supported?
- Are client HTTPS requests supported?
- Does SSRF Proxy support any protocols other than HTTP(S)?
- Are SSRF requiring multiple requests supported?
- Are upstream proxies supported?
Is SSRF via XXE supported?
Yes, check out the XXE example on the Example Usage page.
Is request smuggling supported?
No.
Are HTTP persistent connections / HTTP Keep-Alive / Connection: keep-alive supported?
No. Every client request requires a new TCP connection.
Is HTTP CONNECT tunneling supported?
Yes. HTTP CONNECT tunneling is supported; however, every client request requires a new TCP connection.
SSL tunneling is not supported.
Is proxychains supported?
Yes. HTTP CONNECT tunneling is supported; however, every client request requires a new TCP connection.
Check out the proxychains example on the Example Usage page.
SSL tunneling is not supported.
Is SSL Tunneling supported?
No.
Are client HTTPS requests supported?
Yes, HTTPS requests are supported by the SSRFProxy::HTTP#send_uri() method in the Ruby library.
SSL tunneling is not supported by the ./bin/ssrf-proxy server; however, a workaround exists.
When the ssl rule is specified, SSRF Proxy will change the URL scheme to https for all requests. This effectively allows communications with third-party servers using HTTPS. Note that changing the rules requires restarting the proxy.
Does SSRF Proxy support any protocols other than HTTP(S)?
No.
Are SSRF requiring multiple requests supported?
No.
Are upstream proxies supported?
Yes, upstream HTTP proxies are supported.
An intermediary HTTP proxy (such as Burp) is required for SOCKS proxying.