
Request Forgery: Server Side Request Forgery via Frontend

Identifier: frontend_ssrf_header

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Server-Side Request Forgery (SSRF) occurs when an application makes a request to a URL taken from user input without validating it. An attacker can then make the server reach internal services or other restricted resources that are reachable from the server but not from the outside, bypassing the network security boundary.

How we test: we inject URLs pointing to our callback server (ssrf.tools.escape.tech) into frontend request parameters and watch for the resulting pingbacks; a pingback proves that the application made a server-side request to the injected URL. This checks whether the application validates user-supplied URLs before fetching them and restricts access to internal or otherwise restricted destinations.

Important note: for this test to work, the ssrf.tools.escape.tech domain must be allowed by your WAF/firewall egress rules so that Escape can receive pingbacks from your application server. If egress to that domain is blocked, a vulnerable application produces no pingback and the test cannot report the finding.
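The following is an added example, not code from Escape or from this page. It shows the check the pingback test above probes for: a Python validator that an application runs before fetching a user-supplied URL, beside a vulnerable handler (which would send the pingback) and a hardened one (which refuses). The X-Callback-Url header, the DNS table and the HTTP client stand-in are all assumptions constructed for the example so that it runs offline.

```python
"""Added example (not Escape's code): validating a user-supplied URL before
the server fetches it, with a vulnerable and a hardened request handler."""
import ipaddress
import socket
from typing import Callable, Iterable, Mapping, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], Iterable[str]]
Fetch = Callable[[str], str]

# Constructed DNS table so the example runs offline; a real deployment uses
# default_resolver below. Addresses are illustrative only.
STUB_DNS = {
    "api.partner.example": ["8.8.8.8"],
    "rebind.attacker.example": ["8.8.8.8", "10.0.0.5"],  # one public, one private
    "localhost": ["127.0.0.1", "::1"],
    "127.1": ["127.0.0.1"],  # shorthand literal that glibc resolves
}


def default_resolver(host: str) -> list:
    """Return every address the host resolves to; all of them get checked."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def stub_resolver(host: str) -> list:
    if host not in STUB_DNS:
        raise OSError(f"unknown host {host}")  # mimics socket.gaierror
    return STUB_DNS[host]


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable addresses: rejects loopback, RFC 1918,
    link-local (which covers 169.254.169.254, the cloud metadata address),
    CGNAT, multicast, reserved and unspecified ranges."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global


def check_outbound_url(url: str,
                       allowed_hosts: Optional[set] = None,
                       resolver: Resolver = default_resolver) -> tuple:
    """Decide whether the server may fetch url on a user's behalf.
    Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # lower-cased, userinfo and IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"  # http://trusted@127.0.0.1/ trick
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host not in allowlist: {host}"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        # Names and shorthand forms such as 127.1 are not valid literals for
        # ipaddress but do resolve, so they are judged by what they resolve to.
        try:
            addrs = list(resolver(host))
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not is_public_ip(addr):  # every record must be public
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


def make_recording_fetch(log: list) -> Fetch:
    """Stand-in for the HTTP client: records the URL instead of fetching it."""
    def fetch(url: str) -> str:
        log.append(url)
        return "fetched"
    return fetch


def vulnerable_handler(headers: Mapping[str, str], fetch: Fetch) -> str:
    """Blindly fetches the header value: an injected
    http://ssrf.tools.escape.tech/... URL reaches the callback server."""
    return fetch(headers.get("X-Callback-Url", ""))


def hardened_handler(headers: Mapping[str, str], fetch: Fetch,
                     allowed_hosts: set,
                     resolver: Resolver = default_resolver) -> str:
    url = headers.get("X-Callback-Url", "")
    ok, reason = check_outbound_url(url, allowed_hosts, resolver)
    if not ok:
        return f"rejected: {reason}"
    return fetch(url)


if __name__ == "__main__":
    probe = {"X-Callback-Url": "http://ssrf.tools.escape.tech/probe"}
    log: list = []
    print(vulnerable_handler(probe, make_recording_fetch(log)), log)
    print(hardened_handler(probe, make_recording_fetch(log),
                           {"api.partner.example"}, stub_resolver))
```

The validator checks every resolved address rather than the hostname string, which is what catches 127.1, 0x7f000001 and names that resolve to private space. It does not by itself close the DNS rebinding window between validation and connection; to close that, connect to the validated address and pass the hostname in the Host header (or pin the resolver result in the HTTP client), and apply the same check to every redirect the client follows.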

Configuration

Example

Example configuration:

---
security_tests:
  frontend_ssrf_header:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.