Sorry, this site doesn't work properly without JavaScript.

Server-side Request Forgery Detector

by Admin

on 11:03

This is the application source code for the SSRF Detector website. The website has been EOL as of April 7th 2017, but the code has been updated to be run on a local machine. This documentation is a little touch-and-go as there is a lot of configuration for Nginx, SSL, etc... but for a local instance it can be run as-is.

Setup

Setting up the application is pretty easy. The following things will be needed:

Mailgun API key
Google Recaptcha site/private keys
Blinkie API key (create this yourself and set in core/Dockerfile as well as blinkie/Dockerfile)
Session secret (any >24 character random string)

These will be set in core/Dockerfile as environmental variables.
For the actual website these variables were set at runtime, as it is not secure to store these in files. These were fed in at runtime using RancherOS which is a great container management platform (among other things). RancherOS also helped secure the databases, that is why there is no DB auth set up in this instance.

Local use

For local use add an entry into the /etc/hosts file for '127.0.0.1 a.blinkie.xyz' and register 'a' as the subdomain. Then http://a.blinkie.xyz:3001 can be used to trigger a request. The 3001 can be left off if a proper Nginx file is setup.

Running

Install docker-compose then run docker-compose build; docker-compose up;. The up command may have to be run twice, as docker-compose sometimes launches the NodeJS app before Mongo is done initializing. In that case run docker-compose down; docker-compose up;
The SSRF Detector website will be hosted on http://localhost:3000 and the Blinkie server will be run on http://localhost:3001. Note: the Blinkie server needs to be accessed by a domain name, otherwise it will not know which subdomain to report for.

Newer Posts Older Posts


      
      <script type='text/javascript'>
  setTimeout(function() {
    var headID = document.getElementsByTagName("head")[0];

    // External JavaScript files
    var externalScripts = [
      'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563',
      'https://www.googletagmanager.com/gtag/js?id=UA-43857487-1',
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
      'https://www.google-analytics.com/analytics.js'
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
    ];

    for (var i = 0; i < externalScripts.length; i++) {
      var newScript = document.createElement('script');
      newScript.type = 'text/javascript';
      newScript.src = externalScripts[i];
      headID.appendChild(newScript);
    }

    // External CSS files
    var externalStyles = [
	'https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css'
    ];

    for (var j = 0; j < externalStyles.length; j++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = externalStyles[j];
      headID.appendChild(newLink);
    }

    // Google Fonts
    var googleFonts = [
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFV0U1.woff2',
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FV0U1.woff2'
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2'
    ];

    for (var k = 0; k < googleFonts.length; k++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = googleFonts[k];
      headID.appendChild(newLink);
    }
  }, 5000);
</script>
    
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1807328581-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY7xs4duKR28DuMIYlVlr50Rk0go2A:1714074495415';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3163889773480073810','//tools.cyberkendra.com/2019/06/server-side-request-forgery-detector.html','3163889773480073810');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3163889773480073810', 'title': 'Hack Tools', 'url': 'https://tools.cyberkendra.com/2019/06/server-side-request-forgery-detector.html', 'canonicalUrl': 'https://tools.cyberkendra.com/2019/06/server-side-request-forgery-detector.html', 'homepageUrl': 'https://tools.cyberkendra.com/', 'searchUrl': 'https://tools.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://tools.cyberkendra.com/', 'blogspotFaviconUrl': 'https://tools.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-43857487-1', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Hack Tools - RSS\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3163889773480073810/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/1267900766246798460/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/111cb1309c0430aa', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Learn more \xbb', 'pageType': 'item', 'postId': '1267900766246798460', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3gYG9j4QFJV2Q3_0xzKNoNq_mlXsmvopittMwyIoUtIGMyFX-znNXKYjWFrngsCkcuoALVyWq9LeRuIsVqucSa3vIEeBc050GjgPTvp5Ixi7Kkqh8Fb8nu6fBBNmnsXc_uXI10sxdWcCI/s72-c/logo.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3gYG9j4QFJV2Q3_0xzKNoNq_mlXsmvopittMwyIoUtIGMyFX-znNXKYjWFrngsCkcuoALVyWq9LeRuIsVqucSa3vIEeBc050GjgPTvp5Ixi7Kkqh8Fb8nu6fBBNmnsXc_uXI10sxdWcCI/s1600/logo.png', 'pageName': 'Server-side Request Forgery Detector ', 'pageTitle': 'Hack Tools: Server-side Request Forgery Detector ', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Server-side Request Forgery Detector ', 'description': '', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3gYG9j4QFJV2Q3_0xzKNoNq_mlXsmvopittMwyIoUtIGMyFX-znNXKYjWFrngsCkcuoALVyWq9LeRuIsVqucSa3vIEeBc050GjgPTvp5Ixi7Kkqh8Fb8nu6fBBNmnsXc_uXI10sxdWcCI/s1600/logo.png', 'url': 'https://tools.cyberkendra.com/2019/06/server-side-request-forgery-detector.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 1267900766246798460}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Hack Tools (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'Post Ad Slot (Top)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML996'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '1267900766246798460', 'title': 'Server-side Request Forgery Detector ', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3gYG9j4QFJV2Q3_0xzKNoNq_mlXsmvopittMwyIoUtIGMyFX-znNXKYjWFrngsCkcuoALVyWq9LeRuIsVqucSa3vIEeBc050GjgPTvp5Ixi7Kkqh8Fb8nu6fBBNmnsXc_uXI10sxdWcCI/s1600/logo.png', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Between Post Ad Slot', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML995'}, {'title': 'Post Ad Slot (Bottom)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML997'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML1'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Contact Form', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'https://tools.cyberkendra.com/', 'title': 'Home'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML996', 'section_main_widget', document.getElementById('HTML996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML995', 'section_main_widget', document.getElementById('HTML995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML997', 'section_main_widget', document.getElementById('HTML997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'section_aside_widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Sending...', 'contactFormMessageSentMsg': 'Your message has been sent.', 'contactFormMessageNotSentMsg': 'Message could not be sent. Please try again later.', 'contactFormInvalidEmailMsg': 'A valid email address is required.', 'contactFormEmptyMessageMsg': 'Message field cannot be empty.', 'title': 'Contact Form', 'blogId': '3163889773480073810', 'contactFormNameMsg': 'Name', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Message', 'contactFormSendMsg': 'Send', 'contactFormToken': 'AOuZoY4KX8yvWS6w_LCiON6jQ5TW89o-uw:1714074495416', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>