Request Forgery: Server Side Request Forgery¶
Identifier:
ssrf
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Important note: to ensure this test works, you need the ssrf.tools.escape.tech domain to be allowed in your WAF/Firewall egress rules.
This is so that Escape can get a ping back from your application server.
Server Side Request Forgery happens when an application blindly sends a request to a URL provided by a user. Without proper checks, attackers can supply a URL that directs the request to an internal service or a restricted resource, helping them bypass security boundaries like firewalls or VPN protections.
This oversight can let attackers expose sensitive internal systems or data, and might even be used as a stepping stone for more intrusive attacks. Developers often face this risk when they dont implement strict input validation and proper URL filtering, making it a small mistake with serious potential impact if left unaddressed.
Execution conditions (BLST):
- Static SSRF checks are run first.
- Active SSRF fuzzing then runs when this test is enabled, arguments are present, and coverage is not SERVER_UNREACHABLE, TIMEOUT, RATE_LIMIT, UNAUTHORIZED, REDIRECTION, or GENERIC_ERROR.
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.