⛏️ Write test for fetching data from an internal api with broken auth or no-auth via SSRF
💭 Introduction: We want to test whether an attacker can pull out data using an internal API with broken authentication via SSRF.
🎯 Requirements: This test should only run for APIs that take a URL as an input parameter. The test should correctly detect whether data can be pulled out using SSRF.
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
- [ ] Fork the akto repo, create a new branch and commit changes related to running test via the yaml template created in the previous step.
- [ ] Write unit tests to test your changes.
- [ ] Submit both the PRs here.
✌🏻 Hints: You can build the yaml template by referring to this link. You can refer to the PR here for the changes to be done in the akto repo: link
🙋🏼♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
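
The first requirement above (run only for APIs that take a URL as input) can be expressed as an eligibility filter over a recorded request. This is an added example, not code from the akto or tests-library repositories; the function names and the sample requests in the comments are assumptions, and only query-string and JSON-body parameters are covered.

```python
import json
from urllib.parse import urlsplit, parse_qsl

def is_absolute_url(value):
    """True for strings that parse as an absolute http(s) URL with a host."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value.strip())
        return parts.scheme.lower() in ("http", "https") and bool(parts.hostname)
    except ValueError:  # e.g. malformed IPv6 literal
        return False

def walk(node, path=""):
    """Yield (path, leaf) pairs for every leaf of a decoded JSON value."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from walk(child, f"{path}[{i}]")
    else:
        yield path, node

def url_parameters(request_url, body=None):
    """Return the sorted names of query/JSON-body parameters whose value is a URL."""
    found = set()
    query = urlsplit(request_url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if is_absolute_url(value):
            found.add(f"query:{name}")
    if body:
        try:
            decoded = json.loads(body)
        except ValueError:
            decoded = None  # non-JSON bodies are out of scope for this sketch
        for path, leaf in walk(decoded):
            if is_absolute_url(leaf):
                found.add(f"body:{path}")
    return sorted(found)

def is_eligible(request_url, body=None):
    """The SSRF test applies only when at least one parameter carries a URL."""
    return bool(url_parameters(request_url, body))

# Constructed sample: one URL-valued query parameter, one plain parameter.
# url_parameters("https://api.example.test/fetch?src=https%3A%2F%2Fcdn.example.test%2Fa.png&id=7")
```

Requests for which `is_eligible` returns `False` would be skipped by the test rather than reported as passing.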