I built dssrf, a safe-by-construction SSRF defense library for Node.js apps.
Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.
Key features:
– URL normalization RFC compliant
– DNS resolution + IP classification
– Redirect chain validation
– IPv4/IPv6 safety
– Rebinding detection
– Protocol restrictions
– TypeScript types included
The goal is to eliminate entire classes of classic SSRF vulnerability and it bypasses rather than patching individual payloads.
Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.
Key features: – URL normalization RFC compliant – DNS resolution + IP classification – Redirect chain validation – IPv4/IPv6 safety – Rebinding detection – Protocol restrictions – TypeScript types included
The goal is to eliminate entire classes of classic SSRF vulnerability and it bypasses rather than patching individual payloads.
GitHub: https://github.com/HackingRepo/dssrf-js npm: https://www.npmjs.com/package/dssrf
I love feedback, edge cases, and contributions from the community.