kmak
Staff
July 15, 2025

Technical Tip: How to simulate a sample SSRF attack and use the Protected Hostnames feature in FortiWeb to block the request

Description This article walks through a sample SSRF-style request crafted with Burp Suite and shows how the Protected Hostnames feature in FortiWeb blocks it by rejecting any request whose HTTP Host header names a hostname that is not on the allow list.
Scope FortiWeb.
Solution

A simple SSRF-style request can be simulated with Burp Suite Community Edition: the intercepted request is rewritten so that it asks the server for a hostname of the tester's choosing rather than one of the site's own. Without a Protected Hostnames policy FortiWeb passes such a request through; with the policy enabled it denies the request and logs an attack event.
  1. To simulate the attack, open Burp Suite Community Edition. In the Proxy tab, turn Intercept on and open Burp's embedded browser. Browse to the protected website so that the HTTP request is intercepted by Burp Suite.
  2. Right-click the intercepted request and select Send to Repeater.
  3. The request now appears in the Repeater tab.
  4. Change the request URL from '/' to an arbitrary hostname (used only for testing), so that the request asks for a host other than the site's own. Send it to the website protected by FortiWeb while no Protected Hostnames policy is applied. The request is accepted and the server answers with HTTP status code '200'.
  5. Create the Protected Hostnames policy and enable it in the Server Policy. In FortiWeb, navigate to Protected Hostnames and create a new policy. Leave the default action at 'Deny', so that any hostname not explicitly listed is rejected.
  6. Add the hostnames the site legitimately serves as accepted hosts, and enable any further options the deployment requires.
  7. After creating the Protected Hostnames policy, navigate to the respective Server Policy and enable the Protected Hostnames policy there.
  8. Resend the same SSRF request from Burp Repeater. The response code is now '500', the status code FortiWeb returns for its alert_deny action.
  9. Check the FortiWeb Attack Log page: an attack event triggered by the Protected Hostnames policy records the request that violated the rule.
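The behaviour the nine steps demonstrate, reduced to code. This is an added example written for this article, not FortiWeb's implementation: it models the Protected Hostnames check as an allow list of requested hostnames with a default action of Deny, and reuses the 500 status the article observes for the alert_deny response. The hostnames, the sample requests and the attack-log line format are constructed for illustration. It goes a little beyond the article by also handling an absolute-form request target and a duplicated Host header, two ways a client can make the requested host ambiguous and slip past a check that only reads a single Host header.

```python
"""Allow-list check on the requested hostname, modelled on FortiWeb's Protected
Hostnames feature. Added example for this article, not FortiWeb code: the
hostnames, the sample requests and the log line format are constructed, and the
500 status is the one the article observes for the alert_deny response."""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Stand-in for the Protected Hostnames group of steps 5 and 6: listed hosts are
# accepted, everything else falls through to the group's default action, Deny.
PROTECTED_HOSTNAMES = {"www.example.com", "example.com"}   # constructed
DENY_STATUS = 500   # status seen in step 8 for FortiWeb's alert_deny response


def _normalize(hostport: str) -> Optional[str]:
    """Strip an optional :port and lower-case; reject anything that is not a plain host."""
    hostport = hostport.strip()
    if hostport.startswith("["):                       # IPv6 literal, e.g. [::1]:443
        host, sep, rest = hostport[1:].partition("]")
        if not sep or (rest and not rest.startswith(":")):
            return None
    else:
        host, _, _ = hostport.partition(":")
    host = host.lower()
    if not host or any(c in host for c in "@/\\?# "):  # userinfo or path smuggled in
        return None
    return host


def requested_host(raw_request: bytes) -> Optional[str]:
    """Return the hostname the request asks for (lower-cased, port removed).

    A client can name the host in two places: the Host: header, which is what
    gets edited in Burp Repeater, or an absolute-form request target such as
    "GET http://other.host/ HTTP/1.1". RFC 7230 gives the request target
    precedence, so a check that only reads the header can be bypassed.
    None is returned when the host is missing or ambiguous (duplicate Host:).
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    target = parts[1]
    if "://" in target:                                # absolute-form request target
        return _normalize(urlsplit(target).netloc)
    values = [value
              for name, _, value in (line.partition(":") for line in header_lines)
              if name.strip().lower() == "host"]
    if len(values) != 1:                               # no Host: or more than one: reject
        return None
    return _normalize(values[0])


@dataclass
class Verdict:
    status: int
    log: Optional[str]   # attack-log line, None when the request is passed through


def protected_hostname_check(raw_request: bytes, policy_enabled: bool = True) -> Verdict:
    """Step 4 versus step 8. With the policy off the hostname is not examined and
    the request is forwarded (200 from the back end). With it on, a host that is
    not in the list gets the deny status and an attack-log entry."""
    if not policy_enabled:
        return Verdict(200, None)
    host = requested_host(raw_request)
    if host is not None and host in PROTECTED_HOSTNAMES:
        return Verdict(200, None)
    return Verdict(DENY_STATUS,
                   f"action=alert_deny policy=protected_hostnames host={host!r}")


# Constructed sample requests, not captured traffic.
LEGITIMATE = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HOST_HEADER_PROBE = b"GET / HTTP/1.1\r\nHost: intranet.internal\r\n\r\n"   # the step 4 edit
ABSOLUTE_TARGET_PROBE = (b"GET http://intranet.internal/ HTTP/1.1\r\n"
                         b"Host: www.example.com\r\n\r\n")                 # header looks fine
DUPLICATE_HOST_PROBE = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                        b"Host: intranet.internal\r\n\r\n")

if __name__ == "__main__":
    samples = [("legitimate", LEGITIMATE), ("host header", HOST_HEADER_PROBE),
               ("absolute target", ABSOLUTE_TARGET_PROBE), ("duplicate host", DUPLICATE_HOST_PROBE)]
    for name, request in samples:
        without = protected_hostname_check(request, policy_enabled=False)
        with_policy = protected_hostname_check(request)
        print(f"{name:16} no policy -> {without.status}   policy -> {with_policy.status}  "
              f"{with_policy.log or ''}")
```

Running it prints the step 4 result (every host accepted while the policy is off) beside the step 8 result (500 plus an attack-log line for any host not in the list). Step 4 can also be reproduced without Burp: `curl -i -H 'Host: intranet.internal' https://<your-site>/` sends the same probe with the Host header overridden.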
Related document:

Defining your protected/allowed HTTP “Host:” header names