Server Side Request Forgery

Server Side Request Forgery (SSRF) is an attack that allows an attacker to make requests from a vulnerable server (web site) to the internal network (Intranet). It is not possible to send a direct request to the internal network of the attacked infrastructure from outside.

Example #1

Service A (anonymous-proxy.com) provides the functionality of an anonymizing proxy server. On web site there is a form for entering URL. Web site reads the contents of the requested URL and displays the response to a user. Anonymous proxy example

Sorry, but this is part of
Web-security course

Web-security course

  • Actual web attacks with examples
  • A wrong ways of preventing attacks
  • Security methods guaranties elimination of attacks
  • Quizzes for the material fixation

  How to prevent SSRF →