Understanding SSRF (Server Side Request Forgery)
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
The attacker might cause the server to connect to an internal-only service within the organization’s infrastructure. In some cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.
An SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to execute arbitrary commands.
An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.
The attack often exploits trust relationships to escalate from the vulnerable application and perform unauthorized actions. These trust relationships might exist with other servers in the same organization or with back-end systems.
Types of SSRF Attacks
Attacks against the server: The attacker manipulates the application into making HTTP requests back to the server hosting the app via the loopback network interface. Because these requests appear to come from the local machine, they can trick access controls and bypass them.
Attacks against back-end systems: The app can interact with back-end systems and services that are not directly reachable by users. These systems generally use non-routable private IP addresses; the network topology protects them, so they often have a weak security posture of their own.
SSRF attacks can bypass detection filters via open redirection.
Some SSRF vulnerabilities cause the back end to submit HTTP requests without returning the response to the app's front end; these can still be exploited, although the attacker gets no direct feedback from the response.
SSRF Attack Mitigation Strategies:
Input Validation and Whitelisting: Validate and sanitize user-supplied input, and whitelist the domains and IP addresses the application needs to access.
Restrict Network Access: Do not allow outgoing requests to private, non-routable IP addresses.
Request Filtering: Check that the response received from an outgoing request is the kind of response you expected before passing it on.
Protocol Validation: Validate and enforce specific protocols (e.g., HTTP, HTTPS) for outgoing requests, and disable unnecessary URL schemes such as ftp://.
Use Least Privilege: Restrict the server-side components' privileges to only the necessary resources and functionalities. Avoid running services with elevated privileges or accessing sensitive APIs unless explicitly required.
Enabling proper authentication for internal services and applications is very important, together with the least privilege principle.
Blacklisting user input and applying regular expressions is one way to mitigate SSRF attacks, but it is not optimal.
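An added example, not code from the original article, of the whitelisting, protocol-validation and network-restriction checks above in Python. The allowed hosts and the DNS table are constructed assumptions, and the resolver is injected so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of destinations this application legitimately calls.
ALLOWED_HOSTS = {"api.example.com", "partner.example.com"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table so the example runs offline; these are not real records.
CONSTRUCTED_DNS = {
    "api.example.com": {"93.184.216.34"},
    "partner.example.com": {"169.254.169.254"},  # answer points at a link-local address
}

def constructed_resolver(host):
    """Stand-in for DNS used by the demonstration; production code uses default_resolver."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"no record for {host}")
    return CONSTRUCTED_DNS[host]

def default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_outbound_url(url, resolver=default_resolver):
    """Return (allowed, reason) for a URL the server is about to fetch on a user's behalf."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL is not allowed"  # rejects http://allowed-host@other-host/
    host = parts.hostname  # lower-cased; brackets around IPv6 literals removed
    if not host or host not in ALLOWED_HOSTS:
        return False, f"host not in allowlist: {host!r}"
    try:
        addrs = {ipaddress.ip_address(host)}  # allowlist entry is an IP literal
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
    # Every resolved address must be public: this rejects loopback, RFC 1918,
    # link-local (169.254.0.0/16), multicast and other reserved ranges.
    for addr in addrs:
        if addr.is_multicast or not addr.is_global:
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"
```

The HTTP client that follows this check must not follow redirects automatically; each Location target should be passed through check_outbound_url again, which is what closes the open-redirection bypass mentioned earlier.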