A SSRF attack, according to the OWASP definition, allows an attacker to access or edit internal resources by abusing a server’s functionality. “By carefully picking the URLs, the attacker may be able to retrieve server configuration such as AWS information, connect to internal services like http enabled databases, or make post requests towards internal services that are not supposed to be exposed,” OWASP adds. The new Facebook tool, dubbed SSRF Dashboard, has a simple UI that allows researchers to define unique internal endpoint URLs for targeting and then see if those URLs have been hit during an SSRF attempt. The tool displays the creation date, a unique ID, and the amount of hits the URL has received in addition to the created unique SSRF attempt URL, which is presented in a table with other URLs. Security researchers will be able to reliably verify whether their SSRF proof-of-concept (PoC) code was successful with the new tool, according to the social media platform, because only successful PoCs receive hits. Researchers that hunt for and uncover SSRF vulnerabilities are encouraged to provide the ID of the SSRF attempt URL, as well as the proof-of-concept, in their reports. “Server Side Request Forgery (SSRF) vulnerabilities are among the most difficult to identify,” Facebook writes, “since external researchers aren’t able to directly detect the server’s vulnerable behaviour.” Here you may find more information about the tool and how to use it, as well as information on the social media platform’s bug bounty programme.
