ALL ABOUT SSRF (Server-side request forgery)


shantanu jakher

Hey Hackers,

Hope you all are doing well. As this is my first article, I have chosen one of the more strenuous topics (from my point of view ;)).

So, not wasting more time on idle talk, let's dive deep into SSRF ;)

What is SSRF?

Server-side request forgery. As the name says, it is an attack in which the attacker manipulates the server into making HTTP requests of the attacker's own choosing.


So basically, the attacker bypasses the intended restrictions and uses the server to make malicious requests from the backend system.

Common SSRF attacks:

Basic SSRF

In basic SSRF, the attacker sends a request to the victim server and the attack succeeds when the server sends data back to the attacker. In basic SSRF the hacker's intention is to get confidential data from the server.

BLIND SSRF

In blind SSRF, the attacker doesn't get any data back from the server. So blind SSRF is simply infrequent. We commonly see it when a request is made and we can perform some action, or make some change on the server, without getting any data back.

Let's take a common example:

How to hunt for SSRF:

Basically, an SSRF attack is commonly performed through a URL parameter.

EXAMPLE: We can insert http://127.0.0.1:21/?%0A before the URL, and if we get http://127.0.0.1:21 back somewhere in the response, then we can be fairly sure there is a possibility of SSRF. We can also look at the response time to tell whether the port is open or not.

Can SSRF lead to RCE???

Yes, it can. As we know, some services are driven entirely by HTTP requests. If there is no control over the URL, or, put another way, if the attacker has unrestricted control over the URL, then the attacker can manipulate these services and do almost anything, even RCE.

Impact of SSRF:

It can impact both the application and the backend. A successful SSRF attack can lead to unauthorized access to data.

Mitigations:

Simple: allow only those requests which are known to be safe.

If we know that requests to an internal server should only go to 192.168.0.10/values, then we should allow only requests to that location.

Otherwise we can block the malicious requests: if the server has no functionality that requires it to send requests to itself, then block values like localhost and 127.0.0.1 in the URL parameter.

BTW, these approaches are called PASSLIST and DENYLIST.
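As an added example (my own code, not from the article), here is what the passlist and denylist look like in Python, together with a small log check for the hunting section above. The passlist entry is the article's 192.168.0.10/values; the resolver, the names example.com and internal-app.corp, and the access-log lines are all constructed so the example runs offline. The denylist is applied to the address a hostname resolves to rather than to the URL text, because a string match on "127.0.0.1" or "localhost" says nothing about where an arbitrary hostname actually points.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Passlist: the only internal target the app may fetch, as (scheme, host, port, path).
# Host and path are the article's example; everything else here is constructed.
ALLOWED_TARGETS = {("http", "192.168.0.10", 80, "/values")}


def parse_ip(text):
    """Return an ip_address object for a literal IP, or None if text is a hostname."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_internal_ip(ip_text):
    """True for loopback, RFC 1918, link-local and any other non-global address."""
    ip = parse_ip(ip_text)
    if ip is None:
        return True  # unparseable resolver output: fail closed
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 part
    return not ip.is_global


def allowlist_check(url):
    """Strict passlist: scheme, host, port and path must all match a known target."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, p.hostname, port, p.path) in ALLOWED_TARGETS


def denylist_check(url, resolver):
    """Denylist applied to addresses, not to the URL text. Returns (allowed, reason).

    resolver(hostname) -> list of IP strings. The decision is made on what the
    name resolves to, not on whether the string contains "localhost" or "127.0.0.1".
    """
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    host = p.hostname
    if not host:
        return False, "no host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost"
    addrs = [host] if parse_ip(host) is not None else resolver(host)
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        if is_internal_ip(addr):
            return False, f"internal address {addr}"
    return True, "ok"


# Constructed stand-in for DNS so the example runs offline. A real deployment
# would use socket.getaddrinfo and then connect to the exact address it checked.
FAKE_DNS = {
    "example.com": ["8.8.8.8"],         # any globally routable address serves here
    "internal-app.corp": ["10.0.0.5"],  # a public-looking name that points inside
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


# Constructed access-log lines for the hunting side: which requests handed the
# server a URL parameter pointing at itself or at the LAN?
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /fetch?url=https://example.com/feed HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "GET /fetch?url=http://127.0.0.1:21/?%0A HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /fetch?url=http://192.168.0.10/values HTTP/1.1" 200 40
"""
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_suspicious_requests(log_text, resolver):
    """Return (url, reason) for each logged URL parameter the checks would reject."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for values in parse_qs(urlparse(m.group(1)).query).values():
            for value in values:
                if not value.startswith(("http://", "https://")) or allowlist_check(value):
                    continue  # not a URL, or the one sanctioned internal call
                allowed, reason = denylist_check(value, resolver)
                if not allowed:
                    hits.append((value, reason))
    return hits
```

Running flag_suspicious_requests(SAMPLE_LOG, fake_resolver) flags only the second log line: the first resolves to a global address and the third is the sanctioned 192.168.0.10/values call. Two design points worth keeping: the passlist compares scheme, host, port and path as a tuple rather than doing a prefix match on the string, and the denylist fails closed (unresolvable name, unparseable address, non-HTTP scheme) instead of falling through to "allowed".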

At the end:

So guys, time to wrap up. I will come up with other interesting articles. ;)

If this was good enough then please like and share, and your comments matter to me a lot.

Stay blessed,

Keep learning.
