Definition

Server-Side Request Forgery (SSRF) occurs when an attacker tricks a server into making HTTP requests to unintended destinations.

This allows the attacker to:

• Access internal systems
• Reach restricted services (localhost, private networks)
• Retrieve sensitive data indirectly through the server

Core idea

Instead of attacking a system directly, the attacker uses a trusted server as a proxy to:

• Call internal endpoints
• Reach cloud metadata services
• Access protected infrastructure resources

How SSRF works

1. API accepts a URL from a user
2. Server processes the URL and makes a request
3. Attacker manipulates the URL to point to:
   • Internal services (e.g. localhost)
   • Private network systems
   • External malicious servers

Example attack input