
Request Forgery: Server Side Request Forgery

Identifier: ssrf

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

Server Side Request Forgery (SSRF) vulnerabilities occur when an application fetches a URL supplied by the user without validating where that URL points. Because the request is issued by the server, from inside its own network, an attacker can direct it at internal services, loopback-bound admin interfaces or cloud metadata endpoints that the application's network boundary would otherwise keep out of reach.

How we test: We inject SSRF payloads whose URLs point at internal services or at our out-of-band callback server into request parameters, then analyze the responses and the callback collector to determine whether the application actually issued a request to the specified URL. The payloads cover the main SSRF vectors: internal network scanning, cloud metadata access, and callback (out-of-band) verification.
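To make the description and the test vectors above concrete, here is an added example (not Escape's code, and not the scanner's own payload list) of the check a server-side fetch handler should run before following a user-supplied URL. The vulnerable pattern is simply fetching the URL as given; the hardened check enforces a scheme allowlist, a host allowlist, and a resolved-address check that rejects loopback, private, link-local and cloud-metadata ranges. The hostnames, the allowlist and the DNS answers are constructed so the example runs offline; `stub_resolve` stands in for a real `socket.getaddrinfo` lookup.

```python
"""Added example (not Escape's code): hardened destination check for a
server-side URL fetch, exercised against SSRF-style payloads.

The vulnerable 'before' is a handler that does requests.get(user_url) with
no check at all. In production, replace stub_resolve with socket.getaddrinfo,
check every returned address, connect to the address you checked rather than
the name (so a second, different DNS answer cannot bypass the check), and
disable redirects (a 302 to 169.254.169.254 reopens the hole).
"""
import ipaddress
from urllib.parse import urlparse

# Constructed DNS answers so the example needs no network. Note that
# Python's ipaddress module classes the RFC 5737 documentation ranges
# (192.0.2/24, 198.51.100/24, 203.0.113/24) as non-global, so the
# "public" stub answers use ordinary routable space instead.
FAKE_DNS = {
    "localhost": "127.0.0.1",
    "intranet.corp.example": "10.0.0.5",          # assumed internal host
    "metadata.google.internal": "169.254.169.254",  # GCP metadata endpoint
    "img.cdn.example": "93.184.216.34",           # assumed public CDN host
    "callback.example": "151.101.1.195",          # stands in for an OOB collector
    "partner.example": "127.0.0.1",               # allowlisted name now pointing inward
}

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"img.cdn.example", "partner.example"}  # assumed allowlist


def stub_resolve(host: str) -> str:
    """Offline stand-in for socket.getaddrinfo; raises like a failed lookup."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise OSError(f"cannot resolve {host}") from None


def check_fetch_target(user_url, allowed_hosts=ALLOWED_HOSTS, resolve=stub_resolve):
    """Return (allowed, reason) for a user-supplied fetch URL.

    allowed_hosts=None disables the host allowlist and leaves only the
    address-range filter, which is the weaker configuration many apps ship.
    """
    parts = urlparse(user_url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    if parts.username or parts.password:
        return False, "userinfo in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host not in allowlist: {host}"
    try:
        addr = ipaddress.ip_address(host)          # literal IP in the URL
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolve(host))
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    # ::ffff:127.0.0.1 is loopback in disguise; judge the embedded IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254/16,
    # where AWS/Azure/GCP metadata lives), CGNAT and other special ranges.
    if not addr.is_global:
        return False, f"non-public address {addr} for {host}"
    return True, "ok"


# Constructed payloads in the shape of the three vectors a scan exercises:
# internal network scanning, cloud metadata access, and callback verification.
SCAN_PAYLOADS = [
    "https://img.cdn.example/logo.png",                     # legitimate request
    "http://127.0.0.1:8080/admin",                          # internal scan, literal IP
    "http://intranet.corp.example/",                        # internal scan, by name
    "http://169.254.169.254/latest/meta-data/",             # AWS-style metadata
    "http://metadata.google.internal/computeMetadata/v1/",  # GCP metadata, by name
    "http://[::ffff:127.0.0.1]/",                           # IPv4-mapped loopback
    "https://callback.example/probe",                       # out-of-band callback
    "https://partner.example/report",                       # allowlisted, rebound inward
    "file:///etc/passwd",                                   # non-HTTP scheme
]


def run_scan_payloads(allowed_hosts=ALLOWED_HOSTS):
    """Evaluate every payload; returns {url: (allowed, reason)}."""
    return {url: check_fetch_target(url, allowed_hosts) for url in SCAN_PAYLOADS}


if __name__ == "__main__":
    for url, (ok, reason) in run_scan_payloads().items():
        print(f"{'ALLOW' if ok else 'BLOCK':5} {url:55} {reason}")
```

Running it with the allowlist, only the CDN URL is allowed. Running `run_scan_payloads(allowed_hosts=None)` shows the caveat behind the callback vector: an address-range filter alone blocks the internal and metadata payloads but still lets the server reach `callback.example`, so an out-of-band collector still receives its ping and the finding is still confirmed. The `partner.example` case shows why the resolved-address check is kept even behind an allowlist.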

Important note: for this test to work, outbound (egress) traffic from your application servers to the ssrf.tools.escape.tech domain must be allowed by your WAF/firewall rules. Escape relies on receiving a ping back from your application server at that domain; if egress is blocked, callback-based confirmation cannot succeed.

Prerequisites:

  • The target must expose URL-like inputs or server-side fetch behavior that can be safely tested.
  • The target must be able to reach Escape's out-of-band collector for callback-based confirmation.

Configuration

Example

Example configuration:

---
security_tests:
  ssrf:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.