Documentation
  • 🍻Intro
    • Why API Security is Critical?
    • Pynt at a Glance
    • Who Should Use Pynt?
  • 👩‍💻API Security Testing
    • Security Testing Overview
    • Prerequisites for Running Pynt Scans
    • How to Install Pynt CLI
    • How to install Pynt Binary (Linux only)
    • Pynt CLI Modes
      • 🔵Pynt Command CLI Mode
      • 🔵Pynt Listen CLI Mode
    • Pynt Security Tests Coverage
      • Business Logic Tests
      • Injection Tests
      • Authentication Bypass Tests
      • Mass Assignment Tests
      • Server-Side Request Forgery Tests
      • Stack Trace In Response
      • Lack of Resources and Rate Limiting
      • File Path Manipulation
      • GraphQL Introspection Vulnerability
      • GraphQL Alias Overloading
      • LLM APIs Vulnerabilities
      • Insecure Transport Scheme
      • Basic Authentication
      • HTTP Desynchronization (Desync) Attack
    • Sensitive Data Exposure Detection
    • Pynt Scans Troubleshooting
      • Pynt CLI Troubleshooting
      • Pynt for Postman Troubleshooting
        • Troubleshoot Pynt Container not Running Error
        • Troubleshoot Empty API Key Error
        • Troubleshoot Unauthorized API Key Error
        • Troubleshoot Collection Not Found Error
        • Troubleshoot Non-Unique Collection Name Error
        • Troubleshoot Empty Collection Identifier Error
        • Troubleshoot Unreachable Target Error
        • Troubleshoot Target Responds with Errors Error
        • Troubleshoot Unresolved Target Domain Error
        • Troubleshoot Unresolved Variable Error
        • Troubleshoot TLS Handshake Fail Error
        • Troubleshoot Few Requests Error
        • Troubleshoot One User Only Error
        • Troubleshoot Failed Assertions Error
    • How To
      • How to Run Business Logic Tests with Pynt
      • How to associate a Pynt scan to an Application in Pynt Dashboard
      • How to tag a scan in Pynt
    • Benchmarks
      • Pynt vs OWASP crAPI
  • 🤲Security Testing Integrations
    • 🟠Pynt with API Testing Tools
      • 🔘Pynt for Postman
        • Fork Pynt Collection
        • Run Pynt Container
        • Run Pynt in Postman
        • View Scan Results in Postman
      • 🔘Pynt for Insomnia
      • 🔘Pynt for ReadyAPI
    • 🟠Pynt with API Testing CLIs
      • 🔘Pynt for Newman (Postman CLI)
      • 🔘Pynt for TestRunner (ReadyAPI CLI)
    • 🟠Pynt with Testing Frameworks
      • 🔘Pynt for .NET (xUnit)
      • 🔘Pynt for Selenium
      • 🔘Pynt for Rest Assured
      • 🔘Pynt for Jest
      • 🔘Pynt for pytest
      • 🔘Pynt for Go
      • 🔘Pynt for JMeter
    • 🟠Pynt on CI/CD
      • ❗How to get Pynt ID for CI/CD Authentication
      • 🔘Pynt for GitHub Actions
      • 🔘Pynt for Azure DevOps Pipelines
      • 🔘Pynt for GitLab
      • 🔘Pynt for Jenkins
    • 🟠Pynt with Burp Suite
    • 🟠Pynt with Browsers
      • 🔘Pynt for Firefox Browser
    • 🟠Live Traffic Connectors
      • 🔘eBPF
        • 🔘Key Components
      • 🔘Traffic Mirroring
    • 🟠Advanced Pynt Examples
      • 🔘Pynt as a Standalone Container
      • 🔘Pynt with Prerecorded Har Files
      • 🔘Pynt with cURL
  • 🈸Applications View
    • Application View Overview
    • Manage Applications
      • Add Application
      • Delete Application
      • Rename Application
    • Manage Sources for API Discovery
      • Add Source
      • Delete Source
      • View Source Info
      • Source Categories
        • API Documentation
          • Swagger
          • Postman Collection
        • API Gateways
          • AWS API Gateway
          • Azure API Gateway
          • Kong API Gateway
          • GCP API Gateway
          • Gravitee API Gateway
        • Testing (API Security Scans)
        • Live Traffic
          • Data Collection with eBPF
          • ALB Traffic Capture with AWS Traffic Mirroring
        • Code Repository
    • Application Dashboard
    • Generate Pentest Report
  • 📚API Catalog
    • API Catalog Overview
    • Navigate API Catalog
      • Filtering API Catalog by Application
      • API Catalog Customization
      • API Related Info
      • APIs at Risk
    • Manage API Source Gaps
      • New APIs
      • Untested APIs
      • Shadow APIs
      • Undocumented APIs
    • View Detailed Endpoint Info
  • ⏪Scan History
    • Scan History Overview
    • Navigate Scan History
      • Associating Scans with Specific Application
      • Filtering by Application
      • Scan Related Info
      • Scan History Customization
    • View Detailed Scan Info
    • Associate Vulnerabilities to Tickets with JIRA
  • Account Management
    • Single Sign-On (SSO)
      • Setting up Okta
      • Setting up Entra ID
Powered by GitBook
On this page
  • Introduction
  • What are the common mistakes made by developers?
  • How can I fix SSRF issues?
  • Test cases in this category
  1. API Security Testing
  2. Pynt Security Tests Coverage

Server-Side Request Forgery Tests

Explore Pynt's documentation on security tests for server-side request forgery! Learn how Pynt protects your APIs against this critical vulnerability.

At a Glance: 🌐 SSRF (Server-Side Request Forgery) occurs when an attacker tricks a server into making requests to unintended locations, such as internal systems or external third-party services. This vulnerability allows attackers to bypass firewall restrictions, access sensitive data, or execute malicious actions on behalf of the compromised server.


Introduction

SSRF occurs when an attacker can manipulate the input parameters of a web application that requests resources from other servers, such as databases, web services, or other APIs.

The attacker can exploit this vulnerability to send forged requests to internal servers that are not meant to be exposed to the internet, such as backend systems or databases. This can result in unauthorized access, data theft, or other malicious activities that can compromise the security of the entire web application or the network it is hosted on.

What are the common mistakes made by developers?

SSRF vulnerabilities occur due to a lack of input validation and inadequate access controls. Specifically, when applications allow untrusted input to be used in making requests to other servers, they can be exploited by attackers to manipulate these requests and send them to unintended targets

import requests
from flask import Flask, request

app = Flask(__name__)

@app.route('/')
def index():
    url = request.args.get('url')
    response = requests.get(url)
    return response.text

if __name__ == '__main__':
    app.run(debug=True)

In this example, the Flask web application takes a URL parameter from the user and makes a GET request to that URL using the requests library. However, there is no input validation or sanitization being performed on the URL parameter, which means an attacker can pass in a malicious URL that points to an internal server or other restricted resource.

For example, an attacker could make a request like this:

http://localhost:5000/?url=http://192.168.0.1/secret

This would cause the web application to make a request to an internal server at IP address 192.168.0.1, which may contain sensitive data or be otherwise restricted. By exploiting this SSRF vulnerability, the attacker could potentially gain access to this internal resource and compromise the security of the network.

How can I fix SSRF issues?

Validate and sanitize user input before using it to make requests to external resources. One approach would be to use a whitelist of allowed URLs, or to restrict the URLs that can be accessed based on the user's permissions or role.

Test cases in this category

This test case tries to manipulate a URL to access a local file on the server

Test case
OWASP
CWE

[SSRF001] Local file access

PreviousMass Assignment TestsNextStack Trace In Response

Last updated 8 months ago

👩‍💻
A10 OWASP top 10
CWE-918