Portswigger Academy Server-side request forgery Labs

Introduction

What?

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

Why?

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.

How?

• Server-side request forgery (SSRF) techniques

• Basic SSRF against the local server

• Basic SSRF against another back-end system

• SSRF with blacklist-based input filter

• SSRF with filter bypass via open redirection vulnerability

• Blind SSRF with out-of-band detection

• SSRF with whitelist-based input filter

• Blind SSRF with Shellshock exploitation