-
Notifications
You must be signed in to change notification settings - Fork 73
FAQ
Is SSRF via XXE supported?
Yes, check out the XXE example on the Example Usage page.
Is request smuggling supported?
No
Are HTTP persistent connections / HTTP Keep-Alive / Connection: keep-alive supported?
No. Every client request requires a new TCP connection.
Is HTTP CONNECT tunneling supported?
Yes. HTTP CONNECT tunneling is supported, however every client request requires a new TCP connection.
SSL tunneling is not supported.
Is proxychains supported?
Yes. HTTP CONNECT tunneling is supported, however every client request requires a new TCP connection.
Check out the proxychains example on the Example Usage page.
SSL tunneling is not supported.
Is SSL Tunneling supported?
No.
Are client HTTPS requests supported?
Yes, HTTPS requests are supported by the SSRFProxy::HTTP#send_uri() method in the Ruby library.
SSL tunneling is not supported by the ./bin/ssrf-proxy server, however a workaround exists.
When the ssl rule is specified SSRF Proxy will change the URL scheme to https for all requests. This effectively allows communications with third-party servers using HTTPS. Note that changing the rules requires restarting the proxy.
Does SSRF Proxy support any protocols other than HTTP(S)?
No.
Are SSRF requiring multiple requests supported?
No.