Home Tools Pricing API Docs About Sign in Get started

Redirect / SSRF Fuzzer

Web Security

Test a single parameter for open-redirect and SSRF reflection with safe canary payloads.

What is Redirect / SSRF Fuzzer?

Redirect / SSRF Fuzzer focuses on the parameters that drive server-side fetching or redirection. It substitutes canary values and watches the response and redirect behavior for signs the parameter controls where the server (or browser) goes.

It is built to confirm a hunch quickly and safely — using benign markers and the suite’s SSRF guard rather than blasting destructive payloads.

What it tests

Open redirect — does the parameter send a 3xx to an attacker-chosen URL?
SSRF reflection — does the server fetch and reflect a canary destination?
Encoding variants — tries common bypass encodings for filters.
Safe by design — canary-based, with private/metadata targets blocked.

Where it fits in your workflow

→Validate a suspicious redirect or url= parameter found in recon.
→Confirm SSRF reachability before escalating manually.

Use Redirect / SSRF Fuzzer

Run it from your dashboard.

Create free account Sign in Use via API

At a glance

CategoryWeb Security

RunsServer-side

Token cost 5 / run (free tier)

AccessPro

Status● Live

Frequently asked questions

Can it reach cloud metadata endpoints?

The tool itself is SSRF-guarded and will not fetch internal/metadata addresses on your behalf — it tests whether the target is vulnerable, not your own infrastructure.

Explore more tools →