
TLS SNI Proxy Detection

By kannthu

Informative
Vidoc Module
#ssrf #oast #tls #sni #proxy
Description

What is "TLS SNI Proxy Detection"?

The "TLS SNI Proxy Detection" module is designed to detect misconfigurations in TLS Server Name Indication (SNI) proxies. It targets systems that may be vulnerable to Server-Side Request Forgery (SSRF) attacks or Out-of-band Application Security Testing (OAST) vulnerabilities. The severity of this module is classified as informative, meaning it provides valuable information but does not directly indicate a security vulnerability. The original author of this module is pdteam.

Impact

This module helps identify potential misconfigurations in TLS SNI proxies, which can lead to security vulnerabilities such as SSRF attacks. By detecting these issues, system administrators can take appropriate measures to secure their systems and prevent unauthorized access or data leakage.

How does the module work?

The "TLS SNI Proxy Detection" module works by sending an HTTP request template to the target system. The request includes the SNI value as part of the Host header. The module then checks the response for specific matching conditions to determine if the system is using a vulnerable SNI proxy configuration.

For example, the module may check if the response contains the word "dns" in the "interactsh_protocol" part. If this condition is met, it indicates that the system is using a DNS-based SNI proxy, which can be susceptible to SSRF attacks.

By analyzing the response and matching conditions, the module provides insights into the SNI proxy configuration and potential vulnerabilities.

For more information about TLS SNI proxies and their impact on security, you can refer to the following references:

- SSRF Vulnerabilities Caused by SNI Proxy Misconfigurations
- SNIProxy - Transparent TLS / SSL Proxy

Metadata: max-request: 1

Module preview

- Concurrent requests: 1
- 1. HTTP request template (raw request)
- Matching conditions: word: dns
- Passive global matcher: no matching conditions
- On match action: report vulnerability