TLS SNI Proxy Detection

ID: tls-sni-proxy

Severity: info

Author: pdteam

Tags: misconfig,ssrf,oast,tls,sni,proxy

Description

YAML Source

id: tls-sni-proxy

info:
  name: TLS SNI Proxy Detection
  author: pdteam
  severity: info
  reference:
    - https://www.invicti.com/blog/web-security/ssrf-vulnerabilities-caused-by-sni-proxy-misconfigurations/
    - https://www.bamsoftware.com/computers/sniproxy/
  metadata:
    max-request: 1
  tags: misconfig,ssrf,oast,tls,sni,proxy

http:
  - raw:
      - |
        @tls-sni: interactsh-url
        GET HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"
# digest: 4b0a00483046022100cb15c13f80ed47dd49ab675196f8b684d1cfdf4a05f49d179170e5005a2bb63b02210093a54acee48c038aee289a2371d515a50c7376343cc02c56946c1b63ab565bf0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/tls-sni-proxy.yaml"

View on Github