Server Side Request Forgery (SSRF)
Info
This note is still in development.
Overview¶
Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on their behalf.
Reference(s):
- https://swisskyrepo.github.io/PayloadsAllTheThings/Server%20Side%20Request%20Forgery/
- https://portal.offsec.com/courses/web-200/books-and-videos/modal/modules/server-side-request-forgery/server-side-request-forgery
Tools¶
-
# Installation git clone https://github.com/swisskyrepo/SSRFmap cd SSRFmap pip3 install -r requirements.txt # Usage python ./ssrfmap.py -
# Installation git clone https://github.com/In3tinct/See-SURF.git cd See-SURF/ pip3 install BeautifulSoup4 pip3 install requests # Usage python ./see-sruf.py -H <url> -
Once SSRF is validated, search for potential backend services normally only available on localhost
| Service | Port | URI Path |
|---|---|---|
| MySQL | 3306 | mysql://127.0.0.1:3306 |
| PostgreSQL | 5432 | postgresql://localhost:5432 |
| FastCGI | 9000 | |
| Redis | 6379 | |
| Zabbix | 10050 | |
| SMTP | 25 |