exploiting-server-side-request-forgery

# Exploiting Server-Side Request Forgery ## When to Use - During authorized penetration tests when the application fetches URLs provided by users (webhooks, URL previews, file imports) - When testing cloud-hosted applications for access to instance metadata services - For assessing PDF generators, screenshot services, or any feature that renders external content - When evaluating microservice architectures for internal service access via SSRF - During security assessments of APIs that accept URL parameters for data fetching ## Prerequisites - **Authorization**: Written penetration testing agreement including SSRF testing scope - **Burp Suite Professional**: With Collaborator for out-of-band detection - **interactsh**: Open-source OOB interaction server (`go install github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest`) - **SSRFmap**: Automated SSRF exploitation framework (`git clone https://github.com/swisskyrepo/SSRFmap.git`) - **curl**: For manual SSRF payload testing - **Knowledge of target infrastructure**: Cloud provider (AWS, GCP, Azure), internal IP ranges ## Workflow ### Step 1: Identify SSRF-Prone Functionality Map all application features that make server-side HTTP requests. ```bash # Common SSRF-prone features: # - URL preview/unfurling (Slack-like link previews) # - Webhook configuration endpoints # - File import from URL (import CSV from URL) # - PDF/screenshot generation from URL # - Image/avatar fetching from URL # - RSS/feed aggregation ...