SSRF

What is it?

Server Side Request Forgery (SSRF) is a type of web vulnerability that allows an attacker to manipulate a server into making unintended requests to other internal or external resources. It occurs when an application doesn't properly validate or sanitize user-supplied input used to construct server-side requests. As a result, an attacker can craft malicious requests to exploit the server's trust in itself and access sensitive information or perform actions on behalf of the server.

The attack typically begins with the attacker submitting a specially crafted request to the targeted server, which may include a URL or IP address. The server, unaware of the potential danger, processes the request and forwards it to the specified resource. However, instead of accessing a legitimate external resource, the request is directed to internal systems or external entities that the attacker controls. This allows the attacker to bypass firewalls and security measures, potentially gaining unauthorized access to sensitive data, internal services, or even launch attacks against other systems.

SSRF attacks can have various implications, such as exposing internal resources, retrieving confidential data, or compromising the server's security. For example, an attacker could trick the server into retrieving a file from a local file system, querying internal databases, or performing actions on internal services that are not intended to be exposed publicly.

Automatic tools to scan for SSRF

Caution: Does not replace your brain and manual validation.

• SSRFmap

• Gopherus

• See-SURF

• SSRF Sheriff

Resources

Concepts

• Server Side Request Forgery - OWASP

• Server-side request forgery (SSRF) - Portswigger

Practice

• SSRF labs on Portswigger's Web Security Academy

Box and writeups with ssrf

• Sau on HTB

• Writeup coming as soon as the box is retired