SSL Certificate Analysis Open Port Detection Web Application Scanning DNS Security Audit HTTP Header Analysis Misconfiguration Detection Software Fingerprinting Subdomain Enumeration
SSL Certificate Analysis Open Port Detection Web Application Scanning DNS Security Audit HTTP Header Analysis Misconfiguration Detection Software Fingerprinting Subdomain Enumeration

All Entries

Category Server-Side Request Forgery
Typical Severity High
OWASP A10:2021 – Server-Side Request Forgery (SSRF)
CWE CWE-918
Also known as XSPA (Cross-Site Port Attack), Blind SSRF
Affected systems Web applications that fetch remote resources based on user-supplied URLs or hostnames (URL fetchers, webhooks, PDF generators, file importers, proxy services)

Overview

Server-Side Request Forgery (SSRF) is a web security vulnerability in which an attacker can cause the server to make HTTP (or other protocol) requests to an arbitrary destination of the attacker's choosing. Because the request originates from the server itself, it can reach internal services, cloud provider metadata endpoints, and other resources that are not exposed to the public internet. SSRF was elevated to its own dedicated category in the OWASP Top 10 2021 (A10) in recognition of its prevalence and high exploitability in modern cloud-hosted architectures.

How it works

SSRF arises when an application accepts a user-controlled value (URL, hostname, IP address, or file path) and uses it to construct a back-end HTTP request without sufficient validation. The attacker substitutes a benign target with a malicious one.

  • Direct (in-band) SSRF: The server's response to the forged request is returned directly to the attacker, leaking internal content such as service banners or data from internal APIs.
  • Blind (out-of-band) SSRF: The response is not reflected to the attacker, but the request is still issued. Impact is confirmed via DNS callbacks, timing differences, or side-channel observations.
  • Cloud metadata endpoints: In AWS, GCP, and Azure environments, the link-local address 169.254.169.254 (and equivalent IMDSv2 endpoints) serves instance credentials, IAM roles, and configuration data — a primary SSRF target.
  • Internal port scanning: By varying the target IP and port, an attacker can map reachable internal hosts and open ports from the server's network vantage point.
  • Protocol smuggling: Some SSRF vulnerabilities can be exploited with non-HTTP schemes such as file://, dict://, gopher://, or ftp:// to interact with services that do not speak HTTP.
  • DNS rebinding / redirect chains: Attackers bypass allowlist checks by first passing validation with a legitimate domain that later resolves to an internal IP, or by chaining open redirects.

A typical attack payload might look like: https://example.com/fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/

Business impact

Successful SSRF exploitation can have severe consequences:

  • Credential theft: Retrieval of cloud IAM credentials from metadata services can lead to full cloud account compromise, enabling lateral movement and data exfiltration at scale.
  • Internal network reconnaissance: Attackers map internal network topology, services, and software versions, substantially lowering the cost of follow-on attacks.
  • Data exfiltration: Internal APIs, databases exposed only within the VPC, configuration stores (e.g., Consul, etcd), and secret managers may be directly queried.
  • Remote code execution: SSRF against services like Redis, Memcached, or internal admin interfaces can lead to RCE via protocol abuse (e.g., Gopher-based Redis command injection).
  • Compliance violations: Exposure of PII or regulated data via internal APIs triggers obligations under GDPR, HIPAA, PCI-DSS, and similar frameworks.
  • Reputational and financial damage: High-profile SSRF breaches (e.g., the 2019 Capital One incident) have resulted in regulatory fines exceeding $80 million and lasting reputational harm.

How to fix it

  1. Validate and allowlist destinations: Maintain a strict allowlist of permitted domains, IPs, and ports. Reject any request whose resolved IP falls in private RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), link-local (169.254.0.0/16), or IPv6 equivalents.
  2. Resolve DNS before validation: Perform DNS resolution server-side and validate the resulting IP address against the allowlist before issuing the request, mitigating DNS rebinding attacks. Ensure the same resolved address is used for the actual connection (TOCTOU-safe implementation).
  3. Disable unnecessary URL schemes: Restrict accepted URL schemes to https:// only. Explicitly reject file://, dict://, gopher://, ftp://, and similar schemes at the parser level.
  4. Use a dedicated egress proxy or firewall: Route all server-initiated outbound traffic through a proxy or egress firewall that enforces destination allowlists at the network layer, providing defence-in-depth independent of application-level controls.
  5. Disable redirects or validate redirect destinations: If the HTTP client library follows redirects automatically, either disable redirect following or re-validate each redirect target against the allowlist.
  6. Enforce IMDSv2 in cloud environments: For AWS, enforce IMDSv2 (token-based metadata access) on all EC2 instances, which requires a PUT request with a custom header that SSRF payloads cannot easily satisfy.
  7. Apply least-privilege network segmentation: Ensure the application's runtime network identity has no unnecessary access to internal services. Use security groups, network policies, or VPC firewall rules to limit lateral reachability.
  8. Avoid returning raw server responses to clients: Where possible, process the fetched resource server-side and return only the necessary data to the client, reducing information leakage in partial-SSRF scenarios.
  9. Log and alert on anomalous outbound requests: Monitor for requests to RFC 1918 addresses, cloud metadata endpoints, or unexpected external destinations, and alert on violations.

Sensagraph automatically detects SSRF vulnerabilities, including blind variants, by probing user-controllable URL parameters and analysing server behaviour.

References

Frequently asked questions

CSRF (Cross-Site Request Forgery) tricks a victim's browser into making a request to a target site on the victim's behalf. SSRF tricks the server itself into making requests on the attacker's behalf, typically targeting internal or cloud infrastructure. SSRF operates entirely server-side and does not require a victim user.

In blind SSRF, the server does not return the response of the forged request to the attacker. Despite this, the attack can still be used to confirm the existence of internal services (via DNS callbacks or timing), trigger actions on internal systems, or exfiltrate data via out-of-band channels — making it significantly dangerous even without a direct response.

Cloud providers expose instance metadata (including temporary IAM credentials) via a link-local HTTP endpoint (169.254.169.254 on AWS/GCP/Azure). An SSRF vulnerability can allow an attacker to retrieve these credentials, which may grant broad access to cloud resources, enabling lateral movement, data exfiltration, or full account takeover.

No. Blocking the metadata endpoint is one layer of defence but does not prevent SSRF attacks targeting other internal services, databases, admin interfaces, or intranet resources. A comprehensive defence requires strict destination allowlisting, egress firewall controls, and network segmentation.

Yes, in certain configurations. SSRF can be escalated to RCE by abusing internal services that accept commands over HTTP or other protocols. For example, using the Gopher scheme to interact with Redis or Memcached can allow injection of arbitrary commands, and access to internal admin panels (e.g., Jenkins, Solr) can expose RCE endpoints.