It was a hassle setting up my own HTTPS server for it, and I couldn't use self-signed certs because the insecure option was not enabled on the vulnerable web server.
I was able to get YAML deserialization with this PHP redirect to get the SSRF and exploit working:
```python
import sys

from scapy.all import IP, UDP, Raw, rdpcap

# Take the pcap file name from the first argument
file = sys.argv[1]

# Define the source and destination IP addresses
source_ip = "192.168.245.129"
destination_ip = "192.168.1.7"

# Define an array to store the data bytes
data_array = []

# rdpcap opens and parses the capture file itself
packets = rdpcap(file)


def process_packet(packet):
    # Find all UDP packets from 192.168.245.129 to 192.168.1.7 and add their
    # data bytes to the array; packets without a Raw layer have no payload
    if (
        packet.haslayer(IP)
        and packet.haslayer(UDP)
        and packet.haslayer(Raw)
        and packet[IP].src == source_ip
        and packet[IP].dst == destination_ip
    ):
        data_array.append(packet[Raw].load)


# Process each packet in the pcap file
for packet in packets:
    process_packet(packet)

# Merge the array and print; undecodable bytes are replaced instead of raising
data = b"".join(data_array)
print(data.decode("utf-8", errors="replace"))
```