Priest: Extract Server and IP Address Info from Browser SSRF

Priest is a simple index.html file containing JavaScript code that can extract useful information from browser SSRF vulnerabilities.

Browser SSRF Information Extractor
What is Priest

What information can be extracted

  • Extract complete navigator object
  • Browser User-Agent
  • OS Platform version
  • Language
  • Browser Version
  • IP Address v4/v6
  • ASN Number
  • Org Name
  • Timezone
  • Number of System Logical Processors
  • etc.
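
Every field in this list is readable by any page a server-side renderer loads and runs. As an added example (not part of Priest or its repository), this JavaScript audits a snapshot of your own renderer's navigator values and time zone for what they disclose; the function names, severity ratings and sample snapshot are constructed for illustration.

```javascript
// Added example: the rules, severities and sample snapshot are constructed.
// In a real renderer, call:
//   auditRendererExposure(navigator, Intl.DateTimeFormat().resolvedOptions().timeZone)

function auditRendererExposure(nav, timeZone) {
  const findings = [];
  const add = (field, severity, note) =>
    findings.push({ field, severity, value: field === "timeZone" ? timeZone : nav[field], note });

  const ua = String(nav.userAgent || "");
  // Default headless engines announce themselves in the User-Agent string.
  if (/HeadlessChrome|PhantomJS/i.test(ua)) {
    add("userAgent", "high", "UA names the rendering engine, marking the host as a server-side renderer");
  } else if (/\/\d+\.\d+/.test(ua)) {
    add("userAgent", "medium", "UA carries a product version");
  }
  if (/Linux|Win|Mac/i.test(String(nav.platform || ""))) {
    add("platform", "medium", "platform reveals the host operating system");
  }
  if (Number.isInteger(nav.hardwareConcurrency) && nav.hardwareConcurrency > 0) {
    add("hardwareConcurrency", "low", "logical CPU count hints at the instance size");
  }
  if (timeZone) add("timeZone", "low", "time zone hints at the hosting region");
  if (nav.language) add("language", "low", "locale configured on the rendering host");
  return findings;
}

// Worst severity in a report, or "none" when nothing is disclosed.
function highestSeverity(findings) {
  const rank = { none: 0, low: 1, medium: 2, high: 3 };
  return findings.reduce((top, f) => (rank[f.severity] > rank[top] ? f.severity : top), "none");
}

// Constructed snapshot of a default headless Chrome on a Linux server.
const sampleRenderer = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/120.0.0.0 Safari/537.36",
  platform: "Linux x86_64",
  language: "en-US",
  hardwareConcurrency: 2,
};

const report = auditRendererExposure(sampleRenderer, "UTC");
console.log(highestSeverity(report), report);
```

The navigator properties are only reachable when the renderer executes script from the loaded page; the User-Agent is still sent as an HTTP request header either way.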

How to use

In order to make our lives easier, a simple python3 web server script has been included which will serve HTTP on http://0.0.0.0:8000/index.html. When a browser requests the address, all the information is extracted and shown in the web page. This is useful in PDF exports, controllable headless browsers, etc.

Using a separate index.html

git clone https://github.com/sinsinsecurity/priest.git
cd priest
put index.html on a webserver

OR Using the priest.py webserver

git clone https://github.com/sinsinsecurity/priest.git
cd priest
chmod +x priest.py
./priest.py 8000

Result

This is very useful when dealing with EC2 servers, Google Cloud and HTML renderers, in order to detect the technology in use for further exploitation.
