Server Side Request Forgery (SSRF) is a web vulnerability that allows an attacker to abuse vulnerable functionality to reach server-side or local network services, effectively traversing the external firewall through the vulnerable web functionality.

Another way to think of this is to imagine the web application's vulnerable function as a web browser that lets you pivot or relay requests to the internal interface addresses, loopback or internal network to access services (effectively traversing the WAF or firewall).

An example of this could be a web function that allows adding a URL or third-party service; this could then be exploited to access internal or local IP addresses.

After identifying SSRF on applications running modern frameworks or sitting behind a WAF, more work will be required to defeat the protection / filtering that is in place and allow for successful SSRF exploitation.

Identifying Potential Locations for SSRF

Any functionality that allows external service interaction is a good starting point: anywhere that accepts a third-party URL or service integration.

In order to identify an SSRF vulnerability the first step is confirming that the functionality is vulnerable; an easy / scalable way to do this is using your own Burp Collaborator on Linode using this link to get a $100 voucher.

Burp Collaborator will easily allow you to assess if out-of-band interaction is possible (the target server directly accessing a server you control).

It should be noted that a function may still potentially be vulnerable even if not identified via Burp Collaborator; this is typically due to the target server not allowing outbound DNS or to strict egress firewall rules.

PRO TIP: Run Your Own Collaborator Server

If you are taking part in bug bounty programs, run your own Burp Collaborator server: the default Burp Collaborator service domain is often filtered, so running your own gives you an increased chance of detection. Linode works great for this; it's cheap, fixed price and has a direct public IP address.
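The "web function that accepts a URL" described above is exactly the shape of code that needs hardening. The following is an added example, not code from the original post: a minimal URL-fetch handler in its vulnerable form beside a hardened form that restricts the scheme, resolves every DNS answer, rejects non-public addresses (loopback, RFC 1918, link-local such as the cloud metadata range, IPv4-mapped IPv6) and then connects to the address that was checked rather than re-resolving. The `http_get` callback, the `resolve_hostname` helper and the sample hostnames and addresses are all constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse, urlunparse

# Only web schemes are acceptable for an outbound "fetch this URL" feature.
ALLOWED_SCHEMES = ("http", "https")


def _as_ip(addr):
    """Parse an IP literal; unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the
    IPv4 rules apply to it instead of it slipping past as an 'IPv6' address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_public_address(addr):
    """True only for globally routable unicast addresses. This rejects loopback,
    RFC 1918 ranges, link-local (including 169.254.169.254 cloud metadata),
    the unspecified address and multicast."""
    ip = _as_ip(addr)
    return ip.is_global and not ip.is_multicast


def resolve_hostname(host):
    """Default resolver (assumes a working system resolver): every A/AAAA answer."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fetch_url_vulnerable(url, http_get):
    """'Before': whatever the user submits is fetched from the server's network position."""
    return http_get(url)


def validate_outbound_url(url, resolver=resolve_hostname):
    """Return (hostname, pinned_ip) for a URL that is safe to fetch, else raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addresses = [str(_as_ip(host))]      # IP literal: no DNS lookup needed
    except ValueError:
        addresses = resolver(host)           # hostname: check *every* answer
    if not addresses:
        raise ValueError(f"unresolvable host: {host}")
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, addresses[0]


def is_url_allowed(url, resolver=resolve_hostname):
    """Boolean convenience wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


def fetch_url_hardened(url, http_get, resolver=resolve_hostname):
    """'After': validate, then connect to the IP that was checked instead of letting the
    HTTP client resolve the name again, which closes the DNS-rebinding window between
    validation and request. The original hostname is kept in the Host header."""
    host, ip = validate_outbound_url(url, resolver)
    parts = urlparse(url)
    netloc = f"[{ip}]" if ":" in ip else ip
    if parts.port:
        netloc += f":{parts.port}"
    pinned = urlunparse(parts._replace(netloc=netloc))
    return http_get(pinned, headers={"Host": host})
```

Pinning the checked IP is straightforward for plain HTTP; for HTTPS the client must still send the original hostname for SNI and certificate validation, which most HTTP libraries support only through a custom connection adapter, so the alternative is to resolve, validate and pin at the DNS layer of the client. Note also that a deny-list of address ranges is the weaker option: where the feature only ever needs to reach a known set of partner hosts, an allow-list of those hostnames should be checked before any of the above.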