--- name: performing-ssrf-vulnerability-exploitation description: Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services, and protocol handlers through user-controllable URL parameters. Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP, URL scheme bypass techniques, and DNS rebinding detection. domain: cybersecurity subdomain: security-operations tags: - performing - ssrf - vulnerability - exploitation version: '1.0' author: mahipal license: Apache-2.0 nist_csf: - DE.CM-01 - RS.MA-01 - GV.OV-01 - DE.AE-02 --- ## When to Use - When conducting security assessments that involve performing ssrf vulnerability exploitation - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Familiarity with security operations concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Instructions 1. Install dependencies: `pip install requests` 2. Identify URL parameters in the target application that accept URLs or hostnames. 3. Test SSRF payloads: - Cloud metadata: `http://169.254.169.254/latest/meta-data/` - Internal services: `http://127.0.0.1:port/`, `http://10.0.0.1/` - Protocol handlers: `file:///etc/passwd`, `gopher://`, `dict://` - Bypass techniques: IP encoding, DNS rebinding, URL redirects 4. Analyze responses for information disclosure or internal access confirmation. 5. Generate a vulnerability assessment report. ```bash # For authorized penetration testing and lab environments only python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json ``` ## Examples ### AWS Metadata SSRF ``` GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ ``` If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.