How to Check a URL for SSRF Threats using JavaScript
When a cybercriminal decides to use a Server-Side Request Forgery attack, they’re attempting to trick your system into making requests to a variety of your internal & external resources on their behalf. It’s a common way to circumvent firewalls and gain unauthorized access to sensitive data. Thankfully, there’s an API to protect you from that. Our SSRF Detection API can quickly identify an attack based on an input URL, stopping the problem at the source.
Below, I’ll demonstrate how you can easily leverage this security policy by structuring your API call with JavaScript code examples. You can use this API for free (with a limit of 800 API calls per month) by quickly registering a free account on our website & copying in the necessary API key where indicated in the documentation.
To use this API with the JavaScript XHR feature, copy the below code snippet:
var data = JSON.stringify({
"URL": "<string>",
"BlockedDomains": [
"<string>",
"<string>"
]
});var xhr = new XMLHttpRequest();
xhr.withCredentials = true;xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});xhr.open("POST", "https://api.cloudmersive.com/security/threat-detection/network/url/ssrf/detect");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");xhr.send(data);
To instead install the jQuery library, first run the following command:
bower install jqueryAnd then call the function:
var settings = {
"url": "https://api.cloudmersive.com/security/threat-detection/network/url/ssrf/detect",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Apikey": "YOUR-API-KEY-HERE"
},
"data": JSON.stringify({
"URL": "<string>",
"BlockedDomains": [
"<string>",
"<string>"
]
}),
};$.ajax(settings).done(function (response) {
console.log(response);
});
