Skip to content

Request Forgery: Server Side Request Forgery

Identifier: ssrf

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

Important note: to ensure this test works, you need the ssrf.tools.escape.tech domain to be allowed in your WAF/Firewall egress rules.

This is so that Escape can get a ping back from your application server.

Server Side Request Forgery happens when an application blindly sends a request to a URL provided by a user. Without proper checks, attackers can supply a URL that directs the request to an internal service or a restricted resource, helping them bypass security boundaries like firewalls or VPN protections.

This oversight can let attackers expose sensitive internal systems or data, and might even be used as a stepping stone for more intrusive attacks. Developers often face this risk when they dont implement strict input validation and proper URL filtering, making it a small mistake with serious potential impact if left unaddressed.

Configuration

Example

Example configuration:

---
security_tests:
  ssrf:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.