🔥 Server-Side Request Forgery (SSRF) Demo

🧪 How to Test This Vulnerability

  1. Try a public API like https://jsonplaceholder.typicode.com/posts/1
  2. Test internal IPs like http://127.0.0.1  or http://localhost
  3. Try cloud metadata endpoints:
    • AWS: http://169.254.169.254/latest/meta-data/
    • Azure: http://169.254.169.254/metadata/instance?api-version=2021-02-01
    • GCP: http://metadata.google.internal/computeMetadata/v1/
  4. Try internal service ports: http://127.0.0.1:8080
  5. Observe the server’s response below.

⚠️ This demo is intentionally vulnerable and for educational use only.

🧾 Server Response

Submit a URL to view the server response here.

🔙 Back to SSRF Demo Home