SSRF Demo - Interactive
const express = require('express');
const axios = require('axios');
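const app = express();
// Listen port for the demo server. The original hard-coded 3000; this keeps
// 3000 as the default but lets a deployment (container, CI) override it via
// the PORT environment variable. A non-integer PORT falls back to the default
// rather than handing NaN to app.listen().
const requestedPort = Number.parseInt(process.env.PORT ?? '3000', 10);
const port = Number.isInteger(requestedPort) ? requestedPort : 3000;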
/**
 * Demo endpoint: the vulnerable tier.
 *
 * The `url` query parameter is handed verbatim to the server-side HTTP client,
 * so whoever calls this endpoint chooses where the *server* makes an outbound
 * request (scheme, host, port and path are all caller-controlled). This is the
 * textbook SSRF shape the demo exists to show; a real service would at least
 * pin the scheme and validate the host against an allowlist before fetching.
 * Note also that the 500 branch echoes the client library's error text back to
 * the caller, which would reveal details of the server's network view in a
 * production deployment.
 */
app.get('/fetch-unsafe', async (req, res) => {
  const { url: targetUrl } = req.query;
  if (!targetUrl) {
    res.status(400).send('Missing url parameter');
    return;
  }
  try {
    // Deliberately unrestricted: the request goes wherever the caller says.
    const upstream = await axios.get(targetUrl); // 🔥 Vulnerable to SSRF
    res.send(upstream.data);
  } catch (error) {
    res.status(500).send(`Error fetching URL: ${error.message}`);
  }
});
/**
 * Demo endpoint: the mitigated tier.
 *
 * Scheme, host and path of the outbound request are fixed in code; the
 * caller's `url` value only ever becomes the `search` query parameter, and it
 * is passed through axios's `params` option rather than spliced into the URL
 * string, so the client library is responsible for encoding it. The caller can
 * therefore not change *where* the server connects, only what it searches for.
 * NOTE(review): this assumes `url` arrives as a string; Express's query parser
 * can also produce an array or object for repeated/bracketed keys — confirm how
 * those are serialised if that matters for the demo.
 */
app.get('/fetch-safe', async (req, res) => {
  const { url: targetUrl } = req.query;
  if (!targetUrl) {
    res.status(400).send('Missing url parameter');
    return;
  }
  // Destination is constant; only the query value is caller-controlled.
  const destination = 'https://lab.appsecjp.com/xss.php';
  const requestConfig = { params: { search: targetUrl } };
  try {
    const upstream = await axios.get(destination, requestConfig);
    res.send(upstream.data);
  } catch (error) {
    res.status(500).send(`Error fetching URL: ${error.message}`);
  }
});
/**
 * Demo endpoint: the "kind of safe" tier.
 *
 * As in /fetch-safe the scheme, host and path are fixed, so the caller cannot
 * redirect the server to another host. Unlike /fetch-safe, the `url` value is
 * interpolated straight into the URL string without encoding: characters that
 * are significant in a URL (`&`, `#`, `?`) are not escaped, so the caller can
 * still alter the query string or truncate it. The host restriction is the
 * mitigation being demonstrated; the missing encoding is the gap that
 * separates this tier from /fetch-safe.
 */
app.get('/fetch-kind-safe', async (req, res) => {
  const { url: targetUrl } = req.query;
  if (!targetUrl) {
    res.status(400).send('Missing url parameter');
    return;
  }
  // Fixed origin and path; the caller's value is appended unencoded.
  const requestUrl = `https://lab.appsecjp.com/xss.php?search=${targetUrl}`;
  try {
    const upstream = await axios.get(requestUrl);
    res.send(upstream.data);
  } catch (error) {
    res.status(500).send(`Error fetching URL: ${error.message}`);
  }
});
// Start the demo server; the callback runs once the port is bound and only
// reports the local URL.
const announceListening = () => {
  console.log(`SSRF demo app listening at http://localhost:${port}`);
};
app.listen(port, announceListening);