How to Check a URL for SSRF Threats in Python

Server Side Request Forgery (SSRF) threats are yet another form of attack that businesses need to guard against. While a Cross-Site Request Forgery (CSRF) targets the user, SSRF attacks specifically target a server by sending back-end requests from vulnerable web applications. To ensure this doesn’t happen to you, we have developed an API that will check an input URL for SSRF threats.

To use this API, we first need to install the SDK:

pip install cloudmersive-validate-api-client

Next, we are going to create an instance of the API and call the function with the following code:

from __future__ import print_function
import time
import cloudmersive_validate_api_client
from cloudmersive_validate_api_client.rest import ApiException
from pprint import pprint
# Configure API key authorization: Apikey
configuration = cloudmersive_validate_api_client.Configuration()
configuration.api_key['Apikey'] = 'YOUR_API_KEY'
# create an instance of the API class
api_instance = cloudmersive_validate_api_client.DomainApi(cloudmersive_validate_api_client.ApiClient(configuration))
request = cloudmersive_validate_api_client.UrlSsrfRequestFull() # UrlSsrfRequestFull | Input URL request
try:
# Check a URL for SSRF threats
api_response = api_instance.domain_ssrf_check(request)
pprint(api_response)
except ApiException as e:
print("Exception when calling DomainApi->domain_ssrf_check: %s\n" % e)

The returned response will indicate if the URL is free from SSRF threats, as well as the threat level. Visit the Cloudmersive website to retrieve your free API key and gain access to 800 monthly calls across our library of APIs.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store