{"id":47614,"date":"2022-09-26T14:54:51","date_gmt":"2022-09-26T12:54:51","guid":{"rendered":"https:\/\/cyberant.com\/wat-is-server-side-request-forgery-ssrf\/"},"modified":"2023-04-12T15:57:57","modified_gmt":"2023-04-12T13:57:57","slug":"what-is-server-side-request-forgery-ssrf","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/what-is-server-side-request-forgery-ssrf\/","title":{"rendered":"What is Server-side request forgery (SSRF)?"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l8irt0r0-dea32be69c4cf5c7e119c5757187dfee\">\n#top .av_textblock_section.av-l8irt0r0-dea32be69c4cf5c7e119c5757187dfee .avia_textblock{\nfont-size:40px;\n}\n<\/style>\n<section  class='av_textblock_section av-l8irt0r0-dea32be69c4cf5c7e119c5757187dfee '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1 class=\"h2 entry-title\">What is Server-side request forgery (SSRF)?<\/h1>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyb2a7-c0ada3c433752ff7b704cadc1dc44d4b\">\n#top .hr.hr-invisible.av-kyb2a7-c0ada3c433752ff7b704cadc1dc44d4b{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-kyb2a7-c0ada3c433752ff7b704cadc1dc44d4b hr-invisible  avia-builder-el-1  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l8irtatq-468ad65a23a365f8dd276afe9e3efb3c\">\n#top .av_textblock_section.av-l8irtatq-468ad65a23a365f8dd276afe9e3efb3c .avia_textblock{\nfont-size:16px;\n}\n<\/style>\n<section  class='av_textblock_section av-l8irtatq-468ad65a23a365f8dd276afe9e3efb3c '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p 
class=\"lead\">Server-side request forgery (SSRF) is an attack in which the attacker makes the server issue a request it shouldn&#8217;t. It is number 10 in the <a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/owasp-top-10\/\">OWASP top 10<\/a>.<\/p>\n<h3>Example of server-side request forgery<\/h3>\n<p>In the example below, the attacker can only reach the website www.cyberant.com. The attacker wants to attack admin.cyberant.com, which is not reachable from the internet. The only way to get there is therefore through the public website.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-medium wp-image-43667\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-300x189.png\" alt=\"\" width=\"300\" height=\"189\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-300x189.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-768x485.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2.png 980w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Of course, the attacker can try to take over the website completely, but if that doesn&#8217;t work (and there is a good chance it won&#8217;t), there is another option: SSRF.<\/p>\n<p>Suppose we have the following request:<\/p>\n<p><code>POST \/vulns\/1\/info HTTP\/1.0<br \/>\nContent-Type: application\/x-www-form-urlencoded<br \/>\nContent-Length: 123<\/code><\/p>\n<p>vulnApi=https:\/\/vulns.cyberant.com\/<\/p>\n<p>The server will now retrieve information from vulns.cyberant.com. However, the API URL is taken straight from the request body, so the attacker can freely modify it:<\/p>\n<p><code>POST \/vulns\/1\/info HTTP\/1.0<br \/>\nContent-Type: application\/x-www-form-urlencoded<br \/>\nContent-Length: 123<\/code><\/p>\n<p>vulnApi=https:\/\/admin.cyberant.com\/launch\/missles<\/p>\n<p>The website will now make a request to admin.cyberant.com instead of vulns.cyberant.com. 
Depending on how the website is implemented, the response from the admin application may or may not be shown to the attacker. If the request is made but the response is not shown, this is called a blind SSRF vulnerability.<\/p>\n<h3>How can you prevent SSRF?<\/h3>\n<p>SSRF vulnerabilities can be prevented by letting the client make the request itself. This of course requires that the client can reach the target; in the above example the user cannot reach the vulns application. Another option is to whitelist or preconfigure the URL so that the attacker cannot modify it.<\/p>\n<p class=\"lead\"><img decoding=\"async\" class=\"attachment-large size-large wp-post-image webpexpress-processed\" style=\"font-size: 16px;\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2.png\" sizes=\"(max-width: 640px) 100vw, 640px\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2.png 980w, https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-300x189.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-768x485.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2021\/09\/ssrf2-413x261.png 413w\" alt=\"\" width=\"640\" height=\"404\" 
\/><\/p>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":11,"featured_media":43668,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[195,216],"tags":[182,183,197,190,191,185,194,202,188],"class_list":["post-47614","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacken","category-knowledge-base","tag-cyber-security-en","tag-cyberaanval-en","tag-cybercriminelen-en","tag-datalekken-en","tag-etisch-hacker-en","tag-hacker-en","tag-pentest-en","tag-server-side-request-forgery-ssrf-en","tag-vulnerability-management-en"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/47614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=47614"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/47614\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/43668"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=47614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=47614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=47614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}