Skip to content
/ BlockingServer Public

Web Server that serves a single file and keeps the connection open until user releases it.

72 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pwntester/BlockingServer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
BlockingServer.class
BlockingServer.class
 
 
BlockingServer.java
BlockingServer.java
 
 
README.md
README.md
 
 

Repository files navigation

Blocking server will serve a given file regardless of the resource requested and will keep the connection open after sending the file until the user releases it by pressing Q + ENTER.

This server can be used to weaponize XXE and SSRF attacks and upload arbitrary files to the server. Note that the attcker wont be able to control the upload directory, the name nor the extension, so other vulnerabilities may be required for a successful attack.

Credits go to Timothy D. Morgan (@ecbftw) and his great talk on XXE during OWASP AppSec US 2013: Video

Usage:

javac BlockingServer.java

java BlockingServer

Press Q and ENTER when you want to release the connection

About

Web Server that serves a single file and keeps the connection open until user releases it.

Resources

Readme

Security policy

Security policy
Activity

Stars

72 stars

Watchers

4 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages