How to Check URLs for SSRF Attacks in C/C++

If our web application isn’t validating user input properly, it can be vulnerable to SSRF (Server-Side Request Forgery) attack. Using the below code, we can take advantage of a free-to-use API which identifies if user-supplied URLs reference a malicious underlying resource intended to control our web application’s requests.

To structure your API call in C/C++, first install Libcurl:

libcurl/7.75.0

After that, copy and paste the below code to structure your request, and provide a free-tier API key in the authorization header:

CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
     curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
     curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/security/threat-detection/network/url/ssrf/detect");
     curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
     curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
     struct curl_slist *headers = NULL;
     headers = curl_slist_append(headers, "Content-Type: application/json");
     headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
     curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
     const char *data = "{\n    \"URL\": \"<string>\",\n    \"BlockedDomains\": [\n        \"<string>\",\n        \"<string>\"\n    ]\n}";
     curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
     res = curl_easy_perform(curl);
}
curl_easy_cleanup(curl);

The API response will provide a “CleanURL” boolean determining if a URL was safe or unsafe, and it will describe the threat level in a string directly after.