ssrf-ip-filter-bypass

Official

Bypass SSRF IP filters with address encoding.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

SSRF endpoints with string-based IP validation block access to internal services and cloud metadata IPs (like 169.254.169.254 and 127.0.0.1) during authorized security testing, preventing testers from validating the full scope of SSRF vulnerabilities.

Core Features & Use Cases

  • IP Encoding Variants: Provides all valid text representations (hex, octal, decimal, IPv6) for blocked IP addresses to bypass naive string/regex filters.
  • URL Parsing Bypasses: Includes techniques like userinfo confusion, backslash path tricks, and scheme obfuscation to bypass filters that validate URL structure instead of resolved IPs.
  • Use Case: Security testers use this skill to validate SSRF filter effectiveness by attempting to access cloud instance metadata and internal services that are blocked by basic string-based IP checks.

Quick Start

Use this skill to test an SSRF endpoint's IP filter by sending requests with hex-encoded AWS metadata IP addresses to attempt access to the cloud instance metadata service.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ssrf-ip-filter-bypass
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#ssrf-ip-filter-bypass

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.