Web Security advanced 55 mins

Server-Side Request Forgery (SSRF)

Advanced SSRF techniques to make servers request internal resources and cloud metadata services. Learn to bypass filters using encoding tricks and redirect chains.

Hands-on Labs
Real-world Scenarios
Immediate Feedback
1

Introduction to SSRF

theory

Learn what SSRF attacks are, how they work, and their potential impact.

Introduction to SSRF

What is Server-Side Request Forgery (SSRF)?

SSRF is a vulnerability that allows attackers to trick a server into making unintended HTTP requests. The attacker controls the target URL or request destination and uses the server's privileges to access internal systems or sensitive data.

How SSRF Works

  1. Web application accepts a URL or resource path as input.
  2. Server fetches that resource on behalf of the user.
  3. Attacker provides a crafted URL pointing to an internal or restricted resource.
  4. Server makes a request to the attacker-controlled or internal endpoint.

Example


GET /fetch?url=http://internal-service/admin

The attacker changes the URL to something like:


GET /fetch?url=http://169.254.169.254/latest/meta-data/

(This accesses AWS instance metadata.)

Impact

  • Access internal networks
  • Read cloud instance metadata
  • Bypass firewalls
  • Trigger internal POST requests to sensitive services

Knowledge Check

What is the main purpose of an SSRF attack?