The basic idea behind SSRF (Server-Side Request Forgery) is to find a place where the server fetches a resource on the user's behalf, and then manipulate that request so the server reaches resources the user is not authorized to access directly. For example, imagine that we have the following URL:
https://site.com/process.php?url=192.168.2.34/data/
In this case, we have a website that is public behind the site.com domain, and it processes something using data retrieved from an internal IP address. If the developer does not validate the url parameter, a malicious user can change it to point at other resources on that internal host, or at other hosts that are reachable from the server but not from the Internet: it is the server's network position, not the attacker's, that decides what can be reached.
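As an added illustration of the validation the text says is missing (this is example code, not taken from the page or from any real process.php), the following Python function checks a url parameter before the server fetches it. The allow-list of hosts, the stub DNS table, and the IP addresses in it are all constructed for the example; in production the resolver would be a real lookup and the fetch would be made to the resolved address, not to the hostname, so that a DNS answer cannot change between the check and the connection.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stub DNS table so the check runs offline. The public
# addresses are arbitrary; "evil.example" models a public name that an
# attacker points at an internal host.
FAKE_DNS = {
    "site.com": ["93.184.216.34"],
    "cdn.site.com": ["93.184.216.35"],
    "evil.example": ["192.168.2.34"],
}

# Hypothetical allow-list: the only hosts process.php is meant to fetch from.
ALLOWED_HOSTS = {"site.com", "cdn.site.com"}
ALLOWED_SCHEMES = {"http", "https"}


def stub_resolve(host):
    """Stand-in for socket.getaddrinfo; returns the IPs a name maps to."""
    return FAKE_DNS.get(host, [])


def is_internal(ip_str):
    """True for loopback, RFC 1918, link-local, CGNAT, reserved, etc."""
    ip = ipaddress.ip_address(ip_str)
    # An IPv4-mapped IPv6 address (::ffff:192.168.2.34) is judged by the
    # embedded IPv4 address, not by its IPv6 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_target(url, resolve=stub_resolve):
    """Return (ok, reason). ok is True only when url uses an allowed scheme,
    names an allow-listed host, and every address that host resolves to is
    public. Literal IPs are always rejected: the allow-list is by name."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        # Also rejects schemeless values such as "192.168.2.34/data/"
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        # Blocks http://site.com@192.168.2.34/, where a naive check that
        # looks for "site.com" in the string would pass
        return False, "userinfo not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address not allowed"
    except ValueError:
        pass
    if host not in ALLOWED_HOSTS:
        return False, "host not in allow-list"
    addrs = resolve(host)
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in [
        "https://site.com/data/",
        "192.168.2.34/data/",
        "http://192.168.2.34/data/",
        "http://site.com@192.168.2.34/",
        "http://evil.example/",
        "file:///etc/passwd",
    ]:
        print(candidate, "->", validate_target(candidate))
```

The resolve step matters because the allow-list alone is not enough: a name under the attacker's control, or a legitimate name that is later re-pointed, can resolve to 192.168.2.34 just as easily as the literal IP in the original URL. Passing a different resolver (as the test below does) shows the check failing closed in that case.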
To detect this kind of vulnerability, we can use Burp Suite's Scanner, which has automated checks for it; note that its SSRF checks rely largely on observing an out-of-band interaction from the server, so a result is only expected when the target is able to make outbound connections. We can also apply a filter in the Target tool to find requests whose parameters carry a URL, a hostname or an IP address, since those are the requests in which the server fetches another resource on the user's behalf.