ssrf-redirect-loop

Official

Prove blind SSRF impact via redirect loop analysis.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill addresses the challenge of demonstrating real-world impact for confirmed blind SSRF vulnerabilities, where the target application does not return response content from fetched internal resources, making it impossible to prove risks like access to sensitive cloud metadata or internal network services.

Core Features & Use Cases

  • Redirect Following Validation: Confirms if the target application processes HTTP 3xx redirects on user-supplied URLs via timing comparison tests between redirect and non-redirect payloads.
  • Differential Error Analysis: Leverages varying error types, timing, and status codes from different internal targets as oracle channels to prove SSRF impact without visible response content.
  • Use Case: When testing a web application's image fetcher feature vulnerable to blind SSRF, use this Skill to prove the vulnerability can be exploited to access internal cloud metadata services or internal network hosts.

Quick Start

Use the ssrf-redirect-loop skill to validate a confirmed blind SSRF vulnerability by testing for redirect following behavior and running differential error analysis against internal targets to prove real-world impact.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ssrf-redirect-loop
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#ssrf-redirect-loop

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.