Server-Side Request Forgery

What is an SSRF?

  • A vulnerability that allows a malicious user to cause the web server to make an additional or modified HTTP request to a resource of the attacker's choosing

  • Types of SSRF

    • Regular SSRF - data is returned to the attacker's screen

    • Blind SSRF - no data is returned to the attacker's screen

  • Impact

    • Access to unauthorized areas

    • Access to customer/organizational data

    • Ability to reach internal networks from the server

    • Reveal authentication tokens/credentials
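The impact above follows directly from the server fetching whatever URL it is handed. The following is an added example (not code from the original page): a minimal "fetch this URL for me" handler in its vulnerable form next to a hardened form that validates the scheme, host and resolved address before sending anything. The function names, the allowlist and the `do_get` / `resolver` callables are assumptions made for this illustration.

```python
"""
Added example, not from the original page: an SSRF-prone URL fetcher next to a
hardened one. The "image preview" use case, the allowlist, and the injectable
do_get / resolver callables are assumptions made for this illustration.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist: the only hosts the feature is expected to fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def fetch_unsafe(url, do_get):
    """Vulnerable form: forwards the client-supplied URL unchanged.
    A URL pointing at loopback, an internal service, or a cloud metadata
    endpoint would be fetched by the server on the caller's behalf."""
    return do_get(url)


def _resolve(host):
    """Default resolver: every address (A and AAAA) the name maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_target(url, resolver=_resolve):
    """Return (ok, reason). Rejects non-HTTP schemes, embedded credentials,
    hosts outside the allowlist, and any host whose resolved addresses
    include a loopback, private, link-local or otherwise non-global address
    (so an allowed name that points back inside is still refused)."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL"
    if host.lower() not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    try:
        addrs = resolver(host)
    except OSError:
        return False, "host does not resolve"
    for raw in addrs:
        ip = ipaddress.ip_address(raw)
        if not ip.is_global:
            return False, f"resolves to non-public address {ip}"
    return True, "ok"


def fetch_safe(url, do_get, resolver=_resolve):
    """Hardened form: refuse before any request is made."""
    ok, reason = is_safe_target(url, resolver)
    if not ok:
        raise ValueError(f"refusing to fetch {url!r}: {reason}")
    return do_get(url)


if __name__ == "__main__":
    # Stand-alone demo with a fake HTTP client that just records the URL.
    seen = []
    print(fetch_unsafe("http://127.0.0.1:8080/admin", seen.append), seen)
    try:
        fetch_safe("http://127.0.0.1:8080/admin", seen.append)
    except ValueError as exc:
        print(exc)
```

Two caveats worth keeping in mind when applying this: the check and the fetch are separate steps, so a DNS name that changes answer between them (rebinding) can still slip through unless the HTTP client is made to connect to the address that was validated; and the client must not follow redirects automatically, or an allowed host can bounce the server somewhere the validator never saw.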

Finding SSRFs

  • If working a blind SSRF, you'll need to use an external HTTP logging tool to monitor requests, like requestbin.com
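A blind SSRF produces nothing in the response, but the server still sends the request, so the defender's view of it is the outbound side: the web tier's egress or proxy log. The following is an added example (not code from the original page) that reviews such a log for requests the application should never have made. The log format, host names and allowlist are constructed for this illustration.

```python
"""
Added example, not from the original page: flag outbound requests from the web
tier that do not fit the feature's expected destinations. Log format, host
names and the allowlist are constructed for this illustration.
"""
import ipaddress
import re

# Constructed allowlist: hosts the feature is expected to contact.
EXPECTED_HOSTS = {"images.example.com", "cdn.example.com"}

# Constructed egress log: timestamp, source web node, destination host:port, request.
SAMPLE_LOG = """\
2024-05-02T10:14:03Z src=web-01 dst=images.example.com:443 GET /a.png
2024-05-02T10:14:05Z src=web-01 dst=169.254.169.254:80 GET /latest/meta-data/iam/
2024-05-02T10:14:06Z src=web-02 dst=10.0.3.7:8080 GET /admin/
2024-05-02T10:14:09Z src=web-02 dst=cdn.example.com:443 GET /b.jpg
2024-05-02T10:14:11Z src=web-01 dst=abc123.example-catcher.test:80 GET /
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<host>[^:\s]+):(?P<port>\d+) (?P<req>.*)$"
)


def classify_destination(host):
    """Return None if the destination is expected, otherwise a reason string."""
    if host in EXPECTED_HOSTS:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name outside the allowlist: typical of a probe against an
        # attacker-controlled request catcher.
        return "unexpected external host"
    if not ip.is_global:
        # Loopback, RFC 1918, link-local (including cloud metadata addresses).
        return "internal/link-local address"
    return "unexpected external address"


def find_suspicious_egress(log_text):
    """Parse each line and return (timestamp, src, host, reason) for every
    request that should not have been made. Unparseable lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        reason = classify_destination(m.group("host"))
        if reason:
            findings.append((m.group("ts"), m.group("src"), m.group("host"), reason))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_egress(SAMPLE_LOG):
        print(*finding)
```

The internal-address and unknown-host findings are the two signatures a blind SSRF leaves on this side: the first is the server being steered at something it could reach but the client could not, the second is the server being used to call out to a host the attacker can watch.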
