Priest is a simple index.html file containing JavaScript code that extracts useful information from browser SSRF vulnerabilities.


What information can be extracted
- Extract complete navigator object
- Browser User-Agent
- OS Platform version
- Language
- Browser Version
- IP Address v4/v6
- ASN Number
- Org Name
- Timezone
- Number of System Logical Processors
- etc.
How to use
To make our lives easier, a simple python3 web server script is included, which serves HTTP on http://0.0.0.0:8000/index.html. When a browser requests that address, all of the information is extracted and shown in the web page. This is useful with PDF exports, controllable headless browsers, etc.
Using a separate index.html
git clone https://github.com/sinsinsecurity/priest.git
cd priest
put index.html on a webserver
Or using the priest.py web server
git clone https://github.com/sinsinsecurity/priest.git
cd priest
chmod +x priest.py
./priest.py 8000
Result
This is very useful when dealing with EC2 servers, Google Cloud and HTML renderers, in order to detect the technology in use for further exploitation.
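
To see how much of the list above your own rendering service gives away, the following added example (not part of Priest) audits a snapshot of the values a rendered page can read and flags the fields that identify the renderer. `SAMPLE_SNAPSHOT`, `auditSnapshot` and `worstSeverity` are hypothetical names, and the snapshot is constructed data.

```javascript
// Added example, not part of Priest. SAMPLE_SNAPSHOT is constructed data.
const SAMPLE_SNAPSHOT = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 " +
             "(KHTML, like Gecko) HeadlessChrome/120.0.0.0 Safari/537.36",
  platform: "Linux x86_64",
  language: "en-US",
  hardwareConcurrency: 2,
  timezone: "UTC",
};

// User-Agent tokens that default builds of common HTML renderers emit.
const RENDERER_TOKEN = /(HeadlessChrome|PhantomJS|wkhtmltopdf)(?:\/([\d.]+))?/;

function auditSnapshot(snap) {
  const findings = [];
  const add = (field, severity, detail) => findings.push({ field, severity, detail });

  const m = RENDERER_TOKEN.exec(String(snap.userAgent || ""));
  if (m) {
    add("userAgent", "high", `renderer identified: ${m[1]}${m[2] ? " " + m[2] : ""}`);
  } else if (snap.userAgent) {
    add("userAgent", "medium", "browser User-Agent disclosed");
  }
  if (snap.platform) add("platform", "medium", `host OS disclosed: ${snap.platform}`);
  if (Number.isInteger(snap.hardwareConcurrency)) {
    add("hardwareConcurrency", "low",
        `${snap.hardwareConcurrency} logical processors (hints at instance size)`);
  }
  // UTC is a common server default and says little; anything else hints at region.
  if (snap.timezone && snap.timezone !== "UTC") {
    add("timezone", "low", `region hint: ${snap.timezone}`);
  }
  return findings;
}

// Highest severity present, for gating a deployment check.
function worstSeverity(findings) {
  const order = ["low", "medium", "high"];
  return findings.reduce(
    (w, f) => (order.indexOf(f.severity) > order.indexOf(w) ? f.severity : w), "none");
}

console.log(auditSnapshot(SAMPLE_SNAPSHOT), worstSeverity(auditSnapshot(SAMPLE_SNAPSHOT)));
```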

Priest by sinsinsecurity
Extract server and IP address information from Browser SSRF