
Build an HTTP Proxy to Abuse SSRF [HackTheBox - Response]

In Response from HackTheBox, there's a point where I have to abuse an API endpoint to get SSRF into the inner network that I can't access directly. I'll write a Python Flask application that works as an HTTP proxy so that these requests work while Firefox doesn't know it's working through the SSRF.

Response Writeup: https://0xdf.gitlab.io/2023/02/04/htb-response.html#access-to-chat-as-guest

☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf

[00:00] Introduction
[01:10] Overview of different sites
[02:35] Digests
[03:46] Getting digest by abusing cookie
[05:15] Proxy strategy
[06:20] Structural diagram
[08:26] Creating basic Flask application
[09:30] Creating default route
[11:09] Code to hit /fetch
[14:30] get_digest function
[17:30] Setting up Burp to forward to proxy
[18:16] Testing, catching a couple errors, starting to work
[20:30] Decoding responses, proxy works for most GETs
[22:35] Adding mimetype for CSS, JS
[27:35] Adding support for POST
[33:29] Logging in, chatting, things are working
[34:00] Summary

Channel: JavaScript и алгоритмы
10 subscribers
12+
19 views
2 years ago
