How to Check a URL for SSRF Attacks in Java
Server-side request forgery (SSRF) attacks are generally used to target internal systems that sit behind a firewall and are inaccessible from the external network. In these attacks, the attacker gains full or partial control of the requests sent by a web application. The following API can help protect your business from these threats by automatically testing uploaded URLs.
To begin the test, we will install the Maven SDK by adding a reference to the repository in pom.xml:
<repositories>
    <repository>
        <id>jitpack.io</id>
        <url>https://jitpack.io</url>
    </repository>
</repositories>
Then add a reference to the dependency:
<dependencies>
    <dependency>
        <groupId>com.github.Cloudmersive</groupId>
        <artifactId>Cloudmersive.APIClient.Java</artifactId>
        <version>v3.90</version>
    </dependency>
</dependencies>
Our next step is to add the imports and call the URL SSRF function with the following code:
// Import classes (uncomment at the top of your source file):
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.model.*; // UrlSsrfRequestFull, UrlSsrfResponseFull
//import com.cloudmersive.client.DomainApi;

ApiClient defaultClient = Configuration.getDefaultApiClient();

// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");

DomainApi apiInstance = new DomainApi();
UrlSsrfRequestFull request = new UrlSsrfRequestFull(); // UrlSsrfRequestFull | Input URL request
// Populate the request with the URL to check before making the call.
try {
    UrlSsrfResponseFull result = apiInstance.domainSsrfCheck(request);
    System.out.println(result);
} catch (ApiException e) {
    System.err.println("Exception when calling DomainApi#domainSsrfCheck");
    e.printStackTrace();
}
The result of this quick process will indicate the safety of the URL so you can react accordingly. If you found this tutorial helpful and are interested in more URL validation APIs, simply visit the Cloudmersive website for more information.
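As an added example (not part of the original article and not Cloudmersive code), the following class shows a local pre-check that can complement the API call: it allows only http and https and rejects any host that resolves to a loopback, private, link-local or otherwise internal address. The class name SsrfPreCheck, its methods and the sample URLs are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical names): local SSRF pre-check for a user-supplied URL.
public class SsrfPreCheck {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    // True only if the scheme is allowed and every resolved address is non-internal.
    public static boolean isSafeUrl(String url) {
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null
                    || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
                return false;
            }
            // A hostname can map to several addresses; one internal record is enough to reject.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (isInternal(addr)) return false;
            }
            return true;
        } catch (URISyntaxException | UnknownHostException e) {
            return false; // fail closed on unparsable or unresolvable input
        }
    }

    static boolean isInternal(InetAddress addr) {
        if (addr.isAnyLocalAddress() || addr.isLoopbackAddress() || addr.isLinkLocalAddress()
                || addr.isSiteLocalAddress() || addr.isMulticastAddress()) return true;
        byte[] b = addr.getAddress();
        // IPv6 unique local fc00::/7 is not covered by isSiteLocalAddress().
        if (b.length == 16 && (b[0] & 0xfe) == 0xfc) return true;
        // IPv4 carrier-grade NAT range 100.64.0.0/10.
        return b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40;
    }

    public static void main(String[] args) {
        // Constructed samples; IP literals so the demo runs without DNS lookups.
        // 203.0.113.10 is a documentation-range address standing in for a public host.
        String[] samples = {"http://127.0.0.1/admin", "http://169.254.169.254/latest/meta-data/",
            "http://10.0.0.5:8080/", "http://[::1]/", "file:///etc/passwd", "https://203.0.113.10/"};
        for (String s : samples) System.out.println((isSafeUrl(s) ? "allow  " : "block  ") + s);
    }
}
```

The check resolves the host at validation time, so the component that makes the actual request should connect to the address that was vetted and re-check any redirect target before following it.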