resolved comments for validation of ssrf hit

akto-api-security · Mar 16, 2024 · c84dd28 · c84dd28
1 parent 3cc855a
commit c84dd28
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -662,7 +662,7 @@ public static Boolean sendRequestToSsrfServer(String url){
         if(!(url.startsWith("http"))){
             requestUrl = "http://ssrf.akto.io/validate/" + url;
         }
-        
+
         Request request = new Request.Builder()
             .url(requestUrl)
             .get()
@@ -676,7 +676,9 @@ public static Boolean sendRequestToSsrfServer(String url){
             if (!okResponse.isSuccessful()) {
                 return false;
             }else{
-                return okResponse.code() == 202;
+                ResponseBody responseBody = okResponse.body();
+                BasicDBObject bd = BasicDBObject.parse(responseBody.string());
+                return bd.getBoolean("url-hit");
             }
         }catch (Exception e){
             return false;