LI - 16 HTTP Headers That Can Cause SSRF

SSRF Header Exploits

16 HTTP Headers That Cause SSRF

When an application, or the proxy in front of it, trusts these headers
without validation, an attacker can steer server-side requests at
internal or otherwise unauthorized resources. Most are request headers
the attacker sends directly; a few (Location, Content-Location, Link,
X-Accel-Redirect) are response headers that matter when the server acts
as an HTTP client or sits behind a proxy that acts on them.

Follow @wallarm on X/Ln


Host

Names the server the request is addressed to. Applications that build
absolute URLs from it (password-reset links, callbacks, fetches of their
own resources) aim those requests wherever the attacker says, and on a
shared server a loopback value can also route the request to an internal
virtual host.

Example:
Host: 127.0.0.1

X-Forwarded-For

Set by proxies to carry the original client IP. Spoofing it from an
untrusted client mainly bypasses IP-based access controls; it becomes
SSRF when the backend turns the value into a request of its own, such as
a reverse-DNS or geolocation lookup, or a fetch back to the "client".

Example:
X-Forwarded-For: 169.254.169.254

X-Forwarded-Host

Carries the original Host header across a proxy. Frameworks configured
to trust it use this value in place of Host when generating URLs, so it
gives the same control as Host even where Host itself is validated.

Example:
X-Forwarded-Host: localhost

X-Original-URL

Honoured by some frameworks and rewrite modules: the request path is
replaced with the header value after the front-end proxy has already
applied its access rules. Strictly this is routing and access-control
bypass rather than SSRF, but it reaches internal paths the same way.

Example:
X-Original-URL: /admin

X-Rewrite-URL

The same routing override under a different header name. The value is a
request path, not a filesystem path: it only reaches a file if the
backend maps that path to disk, so the realistic target is a restricted
route rather than /etc/passwd.

Example:
X-Rewrite-URL: /etc/passwd

X-Real-IP

The single-address counterpart of X-Forwarded-For (used by nginx among
others). Trusting it from an untrusted client lets the attacker pose as
a loopback or internal address, and any server-side lookup or fetch
keyed on the value goes to that address.

Example:
X-Real-IP: 127.0.0.1

Location

A response header. SSRF arises when the server's HTTP client follows
redirects: an attacker who controls a URL the server fetches answers
with a 3xx pointing at an internal address, and a fetcher that validates
only the first URL follows it.

Example:
Location: http://169.254.169.254/latest/meta-data

Content-Location

Also a response header, naming an alternate URL for the returned entity.
Server-side clients or crawlers that treat it like a redirect, or
re-fetch the referenced URL, can be pointed at internal services.

Example:
Content-Location: http://127.0.0.1/private
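The redirect problem described on the Location and Content-Location slides is fixed by validating every hop, not just the starting URL. The following is an added example (not code from the original deck or from Wallarm) of a server-side fetcher that follows redirects manually and refuses any hop whose host resolves to loopback, link-local or private space. The network is replaced by a constructed DNS table and response table so it runs offline; the host names, addresses and response chains are assumptions.

```python
"""Added example: a server-side fetch that follows redirects but checks the
target of every hop, so a Location pointing at loopback, link-local or
private space is refused. Network access is replaced by a constructed
resolver and fetcher; all host names and IPs are assumptions."""
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

Response = Tuple[int, Dict[str, str]]        # (status, response headers)
Resolver = Callable[[str], List[str]]        # hostname -> IP literals
Fetcher = Callable[[str], Response]

BLOCKED_HOSTNAMES = {"localhost"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_public_ip(literal: str) -> bool:
    """True only for globally routable unicast addresses. IPv4-mapped IPv6
    (::ffff:127.0.0.1) is unwrapped so it cannot smuggle loopback past
    the check."""
    ip = ipaddress.ip_address(literal)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_target(url: str, resolve: Resolver) -> None:
    """Raise ValueError unless url is http(s) to a public address. Every
    address the name resolves to must be public, not just the first."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {url}")
    host = parts.hostname
    if not host or host in BLOCKED_HOSTNAMES or host.endswith(".localhost"):
        raise ValueError(f"host not allowed: {url}")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal in the URL
    except ValueError:
        addrs = resolve(host)                       # DNS name
    if not addrs or not all(is_public_ip(a) for a in addrs):
        raise ValueError(f"non-public target: {url} -> {addrs}")


def fetch_following_redirects(url: str, fetch: Fetcher, resolve: Resolver,
                              max_hops: int = 5) -> Tuple[str, int]:
    """Follow 3xx responses by hand, re-validating the target of each hop.
    Returns (final_url, status)."""
    for _ in range(max_hops + 1):
        check_target(url, resolve)
        status, headers = fetch(url)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)            # Location may be relative
            continue
        return url, status
    raise ValueError("too many redirects")


# Constructed DNS table and responses standing in for the network.
FAKE_DNS = {"attacker.example": ["198.100.50.7"], "cdn.example": ["23.45.67.89"]}
FAKE_RESPONSES: Dict[str, Response] = {
    # The deck's Location example, served by an attacker-controlled host:
    "http://attacker.example/bait": (302, {"Location": "http://169.254.169.254/latest/meta-data"}),
    # A harmless chain, using a scheme-relative Location:
    "http://attacker.example/ok": (302, {"Location": "//cdn.example/file"}),
    "http://cdn.example/file": (200, {"Content-Type": "application/octet-stream"}),
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def fake_fetch(url: str) -> Response:
    return FAKE_RESPONSES.get(url, (404, {}))


if __name__ == "__main__":
    print(fetch_following_redirects("http://attacker.example/ok", fake_fetch, fake_resolve))
    try:
        fetch_following_redirects("http://attacker.example/bait", fake_fetch, fake_resolve)
    except ValueError as exc:
        print("blocked:", exc)
```

In production, `resolve` would wrap `socket.getaddrinfo`, which also catches decimal and octal IP spellings such as `http://2130706433/`, since the check runs on the resolved addresses rather than the URL text. To close the DNS-rebinding window, connect to the address that was validated instead of resolving the name a second time inside the HTTP library.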

Origin

Sent by browsers to identify the requesting site. It contributes to SSRF
only when the server uses the value as a URL of its own, for example to
fetch a policy from the claimed origin or to call back to it.

Example:
Origin: http://169.254.169.254

Forwarded

The standardised (RFC 7239) replacement for the X-Forwarded-* family:
its for= parameter does what X-Forwarded-For does, and host= and proto=
do what X-Forwarded-Host and X-Forwarded-Proto do. Trusting it from
arbitrary clients has the same consequences as trusting those headers.

Example:
Forwarded: for=127.0.0.1

Destination

Used by WebDAV COPY and MOVE to name the target resource. A server that
resolves the header as a URL and writes to or fetches from it can be
pointed at internal hosts.

Example:
Destination: http://localhost/files

SOAPAction

Identifies the SOAP operation as a URI. Most stacks treat it as an
opaque string; it becomes SSRF only when a handler dereferences it, for
example to load a service description or dispatch to the named endpoint.

Example:
SOAPAction: http://127.0.0.1/internal-api

Link

A response header that names related resources. Servers and CDNs that
implement preload, prefetch or HTTP/2 push from it issue a fetch for the
named URL; if that fetch is not confined to the origin, an injected Link
can make the edge request an internal service.

Example:
Link: <http://127.0.0.1>; rel="preload"

Via

An informational trace of the proxy chain. It carries no URL, so it is
not a direct SSRF vector; the risk is a backend that trusts it to pick a
route or skip checks because the request appears to have arrived through
an internal proxy.

Example:
Via: 1.1 internal.proxy

X-Forwarded-Proto

Tells the backend which scheme the client used. On its own it changes the
scheme of generated URLs (and can downgrade them to http); combined with
X-Forwarded-Host it gives full control of the base URL the server builds
for its own requests.

Example:
X-Forwarded-Proto: http
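The Host, X-Forwarded-Host, Forwarded and X-Forwarded-Proto slides all describe one mechanism: the server derives its own base URL from headers and then uses that URL for a request of its own. The following added example (not code from the original deck or from Wallarm) shows that derivation as proxy-aware frameworks perform it, beside a pinned version that reads forwarding headers only from a trusted proxy and checks the final host against an allowlist. ALLOWED_HOSTS, TRUSTED_PROXIES, the callback path and every address are assumptions for the demo.

```python
"""Added example: the base URL a server derives from Host, X-Forwarded-Host,
X-Forwarded-Proto and Forwarded, first as frameworks that trust those
headers build it, then pinned to trusted proxies and an allowlist.
ALLOWED_HOSTS, TRUSTED_PROXIES, the callback path and all addresses are
assumptions for the demo, not values from a real deployment."""
from typing import Dict, FrozenSet, Mapping, Tuple

ALLOWED_HOSTS: FrozenSet[str] = frozenset({"app.example.com"})   # assumed
TRUSTED_PROXIES: FrozenSet[str] = frozenset({"10.0.0.2"})        # assumed


def parse_forwarded(value: str) -> Dict[str, str]:
    """Parse the first element of an RFC 7239 Forwarded header, e.g.
    'for=198.100.50.7;host=app.example.com;proto=https', into a dict."""
    params: Dict[str, str] = {}
    for pair in value.split(",", 1)[0].split(";"):
        name, sep, val = pair.partition("=")
        if sep:
            params[name.strip().lower()] = val.strip().strip('"')
    return params


def effective_host_and_proto(h: Mapping[str, str]) -> Tuple[str, str]:
    """Precedence used by proxy-aware frameworks: Forwarded, then the
    X-Forwarded-* pair, then the plain Host header (https when unknown)."""
    fwd = parse_forwarded(h.get("forwarded", ""))
    host = fwd.get("host") or h.get("x-forwarded-host") or h.get("host", "")
    proto = fwd.get("proto") or h.get("x-forwarded-proto") or "https"
    return host.split(",")[0].strip(), proto.split(",")[0].strip().lower()


def callback_url_vulnerable(headers: Mapping[str, str], path: str = "/api/callback") -> str:
    """VULNERABLE: honours forwarding headers from any client, so whoever
    sends the request decides where the server's own callback is aimed."""
    h = {k.lower(): v for k, v in headers.items()}
    host, proto = effective_host_and_proto(h)
    return f"{proto}://{host}{path}"


def callback_url_hardened(headers: Mapping[str, str], peer_ip: str,
                          path: str = "/api/callback") -> str:
    """HARDENED: forwarding headers are read only when the TCP peer is a
    trusted proxy; the scheme is limited to http/https; and the final host
    must be on the allowlist, so even a proxy that passes an attacker's
    value through cannot aim the callback at an internal address."""
    h = {k.lower(): v for k, v in headers.items()}
    if peer_ip in TRUSTED_PROXIES:
        host, proto = effective_host_and_proto(h)
    else:
        host, proto = h.get("host", "").split(",")[0].strip(), "https"
    if proto not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {proto!r}")
    hostname = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    if hostname.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    return f"{proto}://{host}{path}"


# Constructed requests. Straight from an attacker, carrying the deck's
# X-Forwarded-Host / X-Forwarded-Proto examples:
DIRECT_ATTACK = {"Host": "app.example.com",
                 "X-Forwarded-Host": "169.254.169.254",
                 "X-Forwarded-Proto": "http"}
# From the trusted proxy, for a legitimate client:
PROXIED_OK = {"Host": "10.0.0.5:8080",
              "Forwarded": "for=198.100.50.7;host=app.example.com;proto=https"}
# From the trusted proxy, which passed an attacker's Forwarded header on:
PROXIED_PASSTHROUGH = {"Host": "10.0.0.5:8080",
                       "Forwarded": "for=198.100.50.7;host=169.254.169.254;proto=http"}

if __name__ == "__main__":
    print(callback_url_vulnerable(DIRECT_ATTACK))
    print(callback_url_hardened(DIRECT_ATTACK, peer_ip="198.100.50.7"))
    print(callback_url_hardened(PROXIED_OK, peer_ip="10.0.0.2"))
    for bad in (PROXIED_PASSTHROUGH, {"Host": "127.0.0.1"}):
        try:
            callback_url_hardened(bad, peer_ip="10.0.0.2")
        except ValueError as exc:
            print("rejected:", exc)
```

The two layers do different jobs: the peer check stops a direct client from injecting forwarding headers at all, and the allowlist catches the case the deck's Forwarded slide implies, a proxy that forwards whatever host= the client supplied. Where the framework already offers this (Django's ALLOWED_HOSTS, Rails' hosts allowlist, Spring's ForwardedHeaderFilter with a trusted-proxy list), configure that rather than re-implementing it.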

X-Accel-Redirect

A response header from the backend that tells nginx to serve a
different, usually internal, location instead of the backend's own
body. If an attacker can make the backend emit it (header injection or
a reflected header), nginx serves or proxies whatever that location maps
to, including internal upstreams.

Example:
X-Accel-Redirect: /internal/resource
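A defensive counterpart to the list above, added here as an example (not code from the original deck or from Wallarm): a request-side scan that parses a raw HTTP/1.x request, pulls every host-like token out of the headers this deck names, and flags values that point at loopback, link-local or private space, plus any routing-override header (X-Original-URL, X-Rewrite-URL, X-Accel-Redirect) arriving from a client at all. The sample requests are constructed, and the policy that no legitimate client sends the override headers is an assumption to adjust per deployment.

```python
"""Added example: scan an HTTP request for the headers this deck lists,
flagging values that name loopback, link-local or private targets and
the presence of routing-override headers a browser never sends. The
request text is constructed for the demo; the header policy is an
assumption."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Headers from the deck whose values may carry a host or URL.
HOST_BEARING = {
    "host", "x-forwarded-for", "x-forwarded-host", "x-real-ip", "origin",
    "forwarded", "destination", "soapaction", "link", "via", "location",
    "content-location",
}
# Back-end routing overrides; assumed policy: no legitimate client sends them.
ROUTING_OVERRIDE = {"x-original-url", "x-rewrite-url", "x-accel-redirect"}
# Headers whose whole value is a bare host/IP (possibly comma-separated).
BARE_HOST = {"host", "x-forwarded-for", "x-forwarded-host", "x-real-ip"}

URL_HOST_RE = re.compile(r"https?://([^/\s;>,\"]+)", re.I)
Finding = Tuple[str, str, str]   # (header, value, reason)


def parse_request(raw: str) -> Dict[str, str]:
    """Minimal HTTP/1.x header parser: skips the request line, lowercases
    names, joins repeated headers with commas."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key, val = name.strip().lower(), value.strip()
            headers[key] = f"{headers[key]}, {val}" if key in headers else val
    return headers


def _strip_port(host: str) -> str:
    """'[::1]:8080' -> '::1', '127.0.0.1:80' -> '127.0.0.1'."""
    if host.startswith("["):
        return host[1:host.index("]")] if "]" in host else host[1:]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def candidate_hosts(name: str, value: str) -> List[str]:
    """Every host-like token in a header value: URL authorities, Forwarded
    for=/by=/host= parameters, and bare hosts for the BARE_HOST headers."""
    hosts = [m.group(1) for m in URL_HOST_RE.finditer(value)]
    if name == "forwarded":
        for param in re.split(r"[;,]", value):
            key, sep, val = param.partition("=")
            if sep and key.strip().lower() in ("for", "by", "host"):
                hosts.append(val.strip().strip('"'))
    elif not hosts and name in BARE_HOST:
        hosts.extend(p.strip() for p in value.split(","))
    return [_strip_port(h) for h in hosts if h]


def is_internal(host: str) -> bool:
    """Loopback names and any IP literal that is not globally routable.
    DNS names return False here; they are resolved and checked at fetch time."""
    h = host.lower().strip()
    if h == "localhost" or h.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def scan_request(raw: str) -> List[Finding]:
    findings: List[Finding] = []
    for name, value in parse_request(raw).items():
        if name in ROUTING_OVERRIDE:
            findings.append((name, value, "routing override header from client"))
        if name in HOST_BEARING:
            for host in candidate_hosts(name, value):
                if is_internal(host):
                    findings.append((name, value, f"internal target {host}"))
    return findings


# Constructed requests: one mixing several of the deck's examples, one benign.
SUSPICIOUS_REQUEST = (
    "GET /fetch HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "X-Forwarded-Host: 169.254.169.254\r\n"
    "X-Original-URL: /admin\r\n"
    "Link: <http://127.0.0.1>; rel=\"preload\"\r\n"
    "Forwarded: for=\"[::1]:4711\";proto=http\r\n"
    "\r\n"
)
BENIGN_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "X-Forwarded-For: 23.45.67.89\r\n"
    "X-Forwarded-Proto: https\r\n"
    "Origin: https://app.example.com\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in scan_request(SUSPICIOUS_REQUEST):
        print(finding)
    print("benign findings:", scan_request(BENIGN_REQUEST))
```

This is a triage aid, not a fix: a host name that resolves to an internal address is invisible to a text-level scan, so the real control is validating resolved addresses at the point where the server makes its own request. Running the scan at the edge still surfaces the override headers and the IP-literal payloads this deck uses, which are the cheap, high-signal cases.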
