A lightweight, zero dependency, standalone SSRF detection proxy.
- Internal IP Address Detection
- DNS Rebinding Attack Detection
- Uncommon HTTP Method Detection
- Redirect Chain attacks
Ready-to-use executables for all platforms:
| Platform | Download Link | Run Command |
|---|---|---|
| Windows | ssrf-proxy-windows-amd64.exe | .\ssrf-proxy-windows-amd64.exe |
| Linux | ssrf-proxy-linux-amd64 | chmod +x ssrf-proxy-linux-amd64 && ./ssrf-proxy-linux-amd64 |
| macOS Intel | ssrf-proxy-darwin-amd64 | chmod +x ssrf-proxy-darwin-amd64 && ./ssrf-proxy-darwin-amd64 |
| macOS Apple Silicon | ssrf-proxy-darwin-arm64 | chmod +x ssrf-proxy-darwin-arm64 && ./ssrf-proxy-darwin-arm64 |
docker build -t ssrf-proxy .
docker run -p 8080:8080 ssrf-proxy# Test the health endpoint (works with any installation method)
curl http://localhost:8080/healthThe proxy works in two modes:
# This request will be proxied to http://example.com
curl http://localhost:8080/http://example.com
# This will be blocked (internal IP)
curl http://localhost:8080/http://192.168.1.1# Use X-Target-URL header to specify the target
curl -H "X-Target-URL: http://example.com" http://localhost:8080/When an SSRF attempt is detected, the proxy:
- Blocks the request immediately (returns HTTP 403 Forbidden)
- Logs the attempt in JSON
- Returns error details
See documentation
Licensed under the MIT License