Fastmail is an SSRF target

Nicolas Grégoire’s excellent presentation from AppSecEU 2015 on various terrifying SSRF exploits.

I was thrilled to see Fastmail, and particularly Hopscotch (my image proxy), mentioned as potential targets, but then not actually featuring in any of the exploits presented. I hope that means nothing of interest was found!

Interestingly, I did discover after reading it that Hopscotch was actually vulnerable to a redirect attack. It only did its DNS paranoia checks on the input URL, not on the redirects. Of course it's fixed now! Just goes to show that even if you spend a lot of time learning about and protecting yourself against attacks, a simple mistake can undo everything you've worked for. Security is hard, people.

AppSecEU15-Server_side_browsing_considered_harmful.pdf