Request Forgery: Server-Side Request Forgery

Identifier: ssrf_agent

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Server-Side Request Forgery vulnerabilities occur when an application fetches a remote resource based on user-supplied input without proper validation, allowing attackers to force the server to make requests to unintended destinations.

How we test: We use AI-powered analysis to craft SSRF payloads targeting internal services, cloud metadata endpoints, and internal network resources. We test URL parameters, headers, and request bodies for SSRF injection points and analyze responses for signs of successful internal access.

Configuration

Example

Example configuration:

---
security_tests:
  ssrf_agent:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.