Server-side request forgery (SSRF)

What is it?

Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. It can be used by an attacker to interact with internal systems, possibly bypassing firewalls or accessing unauthorized data.

A simple example

A vulnerable web application uses a parameter to retrieve an image from a URL, i.e., /loadImage?url={imageURL}. An attacker can potentially change the {imageURL} to point to internal resources that should not be exposed, such as http://localhost/admin or http://internal-service/api/secrets.

The impact of an SSRF vulnerability includes:

  • Access to internal services and data

  • Remote code execution

  • Denial of Service (DoS)

Other learning resources:

  • PortSwigger:

  • Swisskyrepo:



# Basic internal interaction

# Using alternative IP notation (for

# Cloud metadata exposure (AWS)

Last updated