What is SERVER SIDE REQUEST FORGERY (SSRF)?

This article explains server-side request forgery (SSRF): what it is and how to find an SSRF vulnerability.

As in our earlier articles on insecure deserialization and cross-origin resource sharing, SSRF is covered here practically, by solving labs.

If you have not read our other articles, you can read them too. There are many articles on bug bounty here that can be very helpful to you. All of this is presented for educational purposes.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

SERVER SIDE REQUEST FORGERY?

First of all, you should know that there is a vulnerability called server-side request forgery. You may have heard of it before, perhaps under the name SSRF.

Server-side request forgery is abbreviated SSRF. We have covered cross-site request forgery before; you can read that article too.

Let's try to understand server-side request forgery with an example. Take Facebook: if you can somehow connect to Facebook's server and extract the server's information, that is called an SSRF attack.

We know about localhost, and we know that localhost contains all the files. Every website's requests go to some web server, so by making changes to such a request a hacker may be able to connect to the server itself.

When that is possible, it is called a server-side request forgery bug. If you find this bug in a website, you can earn a good bug bounty. Once you have read this article completely, you will understand it yourself.

https://portswigger.net/web-security/ssrf

SERVER SIDE REQUEST FORGERY LABS

Let us now look at server-side request forgery practically. Here we solve two labs, as we have done in earlier articles.

First of all, access the lab, as in all our articles. The SSRF lab is here: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost

After you access the lab, a page opens that looks like an e-commerce website. It shows a list of products, and you can open any of them.

After opening a product, you get a stock option, which every product has. Click on Check stock, as you can see in the image.

After that, run Burp Suite, turn on intercept, and click Check stock again. The request is captured, as you can see in the image.

Send this request to Repeater. As explained in all the earlier articles, you can send a request to Repeater by right-clicking it.

As you can see in the image, the stockapi parameter originally carried a request to the first server. Here we have pointed it at localhost instead, and on sending the request the localhost page is returned.

Click on Render to view the response. Earlier the admin panel was not shown, but now it is. The same thing can be done on a live website too.

After that, you can access the admin panel, as you can see in the image. The admin panel shows the users' information, and the lab is solved by deleting the carlos user.

As you can see in the image, we have sent a request to delete the carlos user in this way. To do this, you must turn off intercept in Burp Suite.

As soon as you send the request to delete the carlos user, a congratulations message is shown. You can solve other labs in a similar way, and doing so will show you how the server-side request forgery bug works.
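The lab works because the server fetches whatever URL arrives in the stockapi parameter. As an added example (not part of the original article or the lab), this Python sketch shows the check a stock endpoint could apply before fetching; the host name, port, path and subnet are assumed values, and the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed values for this sketch: the single stock back end the shop may
# call, the one path it serves, and the subnet that back end lives in.
ALLOWED = {("stock.shop.example", 8080)}
ALLOWED_PATH = "/product/stock/check"
STOCK_NET = ipaddress.ip_network("10.20.0.0/28")


def resolve(host):
    """Return every address the host name currently resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_stock_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied stockApi value."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a bad port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = (parts.hostname or "").lower()
    port = port or (443 if parts.scheme == "https" else 80)
    if (host, port) not in ALLOWED:
        return False, "host or port not on allowlist"
    if parts.path != ALLOWED_PATH:
        return False, "path not allowed"
    # Even an allowlisted name must resolve inside the stock subnet,
    # never to loopback or to some other internal machine.
    addrs = resolver(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if ipaddress.ip_address(addr) not in STOCK_NET:
            return False, "resolves outside the stock subnet"
    return True, "ok"
```

The fetch that follows should connect to the address that was validated and should not follow redirects, otherwise the check can be sidestepped after it has passed.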

There is another lab as well. In the previous lab the admin panel could be accessed using localhost, but in this one you are not asked to access localhost at all.

https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system

Here you are given a range of IP addresses, and you have to find for yourself which IP address gives access to the admin panel. First, access the lab.

After accessing the lab, follow the same process as before: click Check stock and capture the request, as you can see in the image.

After that, send this request to Repeater as in the previous lab. As you can see in the image, here we have supplied an IP address and port number.

We can now make a connection to the server but cannot access the admin panel. The IP address that gives access to the admin panel can be found with a brute-force attack.

As you can see in the image, this uses Intruder, which we have covered before. We also used Intruder in the article on bypassing website two-factor authentication.

Put the dollar signs around the value you want to brute-force, as you can see in the image. You also need to know about IP addresses.

As you can see in the image, we know that a class C IP address range goes up to 254, so we have to find the admin panel's IP address among those 254 addresses.

After that, click on Start attack, as you can see in the image. This gives us the IP address of the admin panel. In our case it was 229; in your case it may be different.

As you can see in the image, we have now used 229, and we are able to access the admin panel. Here too we have to deal with the same carlos user.

As you can see in the image, the carlos user is listed here as well. Always keep one thing in mind: make sure to turn off intercept. If you do not, the lab cannot be solved this way.

After that, we can delete the carlos user, just as we did in the previous lab. More SSRF labs are available here that involve the same username.

As you can see, a congratulations message is shown. You should solve the other labs as well; try them yourself and you will see your skills improve.
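The sweep over the last octet described above leaves a recognisable trail in the application's request log. As an added example (not from the original article), this Python sketch flags clients whose stockApi values point at several distinct internal addresses; the log format, the client addresses and the 192.168.0.x targets are constructed sample data.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed log lines: "<time> <client> <method> <path> <form body> <status>"
SAMPLE = [
    f"2024-05-01T10:00:{n:02d}Z 203.0.113.7 POST /product/stock "
    f"stockApi=http%3A%2F%2F192.168.0.{n}%3A8080%2Fadmin 500"
    for n in range(1, 9)
] + [
    "2024-05-01T10:01:00Z 198.51.100.4 POST /product/stock "
    "stockApi=http%3A%2F%2Fstock.shop.example%3A8080%2Fproduct%2Fstock%2Fcheck 200",
    "2024-05-01T10:02:00Z 198.51.100.9 POST /product/stock "
    "stockApi=http%3A%2F%2Flocalhost%2Fadmin 200",
]


def internal_target(stock_api):
    """Return the host if the URL names loopback/private space, else None."""
    host = urlsplit(stock_api).hostname or ""
    if host == "localhost":
        return host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name; resolving it is out of scope here
    return host if (ip.is_private or ip.is_loopback) else None


def find_sweeps(lines, threshold=5):
    """Map client -> sorted internal targets, for clients at/over threshold."""
    seen = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # not in the expected format
        client, body = fields[1], fields[4]
        # parse_qs also undoes the percent-encoding of the form body
        for value in parse_qs(body).get("stockApi", []):
            target = internal_target(value)
            if target:
                seen[client].add(target)
    return {c: sorted(t) for c, t in seen.items() if len(t) >= threshold}
```

With the default threshold only the sweeping client is reported; a threshold of 1 also surfaces the single localhost request from the first lab.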

The Conclusion

I hope you now understand server-side request forgery. We have also solved two SSRF labs here.

You should try to solve the other labs by yourself. If you have any problem solving the SSRF labs, you can tell us in the comments.

We will show you how to solve the rest of the labs as well. We have covered many such bugs here; if you have not read our articles, you can read them too.

If you have any question related to ethical hacking, you can ask us in a comment and we will help you fully. Only if you understand hacking deeply can you be successful in any kind of attack.
