Blind SSRF with Out-of-Band Detection: Step-by-Step Exploitation & Prevention — SSRF Labs

1 day ago 12

BOOK THIS SPACE FOR AD

ARTICLE AD

1. Open the SSRF Lab and select any product from the list

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

2. Go back to Burp Suite and navigate to the HTTP History tab

3. Locate the request containing GET /product?productId=1, right-click, and send it to the Repeater tab

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

4. Modify the Referer header and observe the response

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

5. Next, test for out-of-band interaction using Burp Collaborator by replacing the Referer header with a unique Burp Collaborator-generated URL

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

6. Switch to the Collaborator tab and click Poll Now to check for interactions

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

7. If there is an interaction (either HTTP or DNS requests), it confirms that the server processed the external request

8. This interaction indicates that the application is vulnerable to Blind SSRF

9. Go back to the browser, refresh the page, and confirm that the lab challenge has been successfully solved

Blind Server-Side Request Forgery (SSRF) with Out-of-band Detection

Read Entire Article