ssrf-redirect-loop
OfficialProve blind SSRF impact via redirect loop analysis.
System Documentation
What problem does it solve?
This Skill addresses the challenge of demonstrating real-world impact for confirmed blind SSRF vulnerabilities, where the target application does not return response content from fetched internal resources, making it impossible to prove risks like access to sensitive cloud metadata or internal network services.
Core Features & Use Cases
- Redirect Following Validation: Confirms if the target application processes HTTP 3xx redirects on user-supplied URLs via timing comparison tests between redirect and non-redirect payloads.
- Differential Error Analysis: Leverages varying error types, timing, and status codes from different internal targets as oracle channels to prove SSRF impact without visible response content.
- Use Case: When testing a web application's image fetcher feature vulnerable to blind SSRF, use this Skill to prove the vulnerability can be exploited to access internal cloud metadata services or internal network hosts.
Quick Start
Use the ssrf-redirect-loop skill to validate a confirmed blind SSRF vulnerability by testing for redirect following behavior and running differential error analysis against internal targets to prove real-world impact.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ssrf-redirect-loop Download link: https://github.com/dreadnode/capabilities/archive/main.zip#ssrf-redirect-loop Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.