How to determine what IP the browser is navigating to? #1905

willhughes-au · 2023-05-08T05:52:02Z

willhughes-au
May 8, 2023

I'm looking to limit the scope of any potential SSRF attacks.

The scenario is where we might have user-controlled content that is being crawled.

Scenarios:

Links to https://localhost/ directly.
Links to http://10.1.2.3/ or some other RFC1918 or other 'internal' IP range such as the AWS EC2 instance meta-data IP.
Links to http://localhost:1234 - some non-standard port.
Links to https://localhost.example.com/ that is a DNS alias to 127.0.0.1 or some internal IP range
Links to https://redirect.example.com that is issuing a HTTP redirect to 127.0.0.1

Looking for similar discussions I've run into this discussion: #1814

That might work for determining ports, but I can't see a way to find the IP that the browser is or will connect to.

Given that DNS entries can be very short lived, and can programmatically return different results for each resolve. It is not simply sufficient to resolve the DNS entry prior to navigation if that's not the IP that the browser will connect to.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to determine what IP the browser is navigating to? #1905

{{title}}

Replies: 0 comments

Select a reply

How to determine what IP the browser is navigating to? #1905

willhughes-au May 8, 2023

Replies: 0 comments

willhughes-au
May 8, 2023