fix(mitmproxy): Fix SSRF false positives for internal traffic

SSRF detection was triggering on any request to internal IPs
(192.168.x.x, 10.x.x.x, etc.) because it was checking the target
URL itself. Now only checks query parameters and request body for
SSRF patterns, which is where actual SSRF attacks occur.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR 2026-02-14 05:38:26 +01:00
parent cafe8196ac
commit 418cb2c76e


@ -1085,9 +1085,14 @@ class SecuBoxAnalytics:
'severity': 'high', 'category': 'file_access'
}
# Check SSRF
# Check SSRF - only in query parameters and body, not in the target URL itself
# This prevents false positives when accessing internal services legitimately
ssrf_targets = [body]
if query:
ssrf_targets.extend([str(v) for v in query.values()])
ssrf_combined = ' '.join(ssrf_targets)
for pattern in SSRF_PATTERNS:
if re.search(pattern, combined, re.IGNORECASE):
if re.search(pattern, ssrf_combined, re.IGNORECASE):
return {
'is_scan': True, 'pattern': 'ssrf', 'type': 'ssrf',
'severity': 'high', 'category': 'server_side'