Show HN: Dssrf – A safe-by-construction SSRF defense library for Node.js
I built dssrf, a safe-by-construction SSRF defense library for Node.js apps.

Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.

Key features:
– RFC-compliant URL normalization
– DNS resolution + IP classification
– Redirect chain validation
– IPv4/IPv6 safety
– Rebinding detection
– Protocol restrictions
– TypeScript types included

The goal is to eliminate entire classes of classic SSRF vulnerabilities and their bypasses rather than patching individual payloads.

GitHub: https://github.com/HackingRepo/dssrf-js
npm: https://www.npmjs.com/package/dssrf

I love feedback, edge cases, and contributions from the community.