Bug Hunter Handbook

Powered by GitBook

On this page

Was this helpful?

List of Vulnerabilities

Server Side Request Forgery (SSRF)

References for SSRF

PreviousLocal / Remote File Inclusion (LFI / RFI)NextRemote Code Execution (RCE)

Last updated 6 months ago

Was this helpful?

Blogs / Articles:

SSRF Bible -
Blind SSRF -
Bypasses -

Cheatsheets / Guides:

Tips / Twitter Threads:

Tools / Payloads:

SSRF Breakpoints -

SSRF - bypass

Blind -

https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit

http://niiconsulting.com/checkmate/2015/04/server-side-request-forgery-ssrf/

https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF

https://cfdb.io/Web/Server-Side%20Request%20Forgery

http://www.smeegesec.com/2017/10/detecting-ssrf-using-aws-services.html

https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5

http://www.sxcurity.pro/2017/12/17/hackertarget/

https://mike-n1.github.io/SSRF_P4toP2

https://medium.com/@auxy233/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea

https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/

https://www.shawarkhan.com/2018/05/getting-read-access-on-edmodo.html

https://medium.com/@valeriyshevchenko/subdomain-takeover-with-shopify-heroku-and-something-more-6e9504da34a1

https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf

https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c

https://desc0n0cid0.blogspot.com/2019/01/chaining-2-low-impact-bugs-into-gitlab.html

https://lab.wallarm.com/blind-ssrf-exploitation/

https://subhajitsaha.com/bypassing-ssrfs-like-a-king/

https://t.co/oMmwp61vt6?amp=1

https://secureitmania.medium.com/an-unknown-linux-secret-that-turned-ssrf-to-os-command-injection-6fe2f4edc202

https://bughunter25.medium.com/a-tale-of-html-to-pdf-converter-ssrf-and-various-bypasses-4a3e11030c77

https://chawdamrunal.medium.com/how-i-exploit-out-of-band-resource-load-http-using-burp-suite-extension-plugin-taborator-2c5065d6a50b

https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/

https://notifybugme.medium.com/chaining-an-blind-ssrf-bug-to-get-an-rce-92c09de3c0ba

https://github.com/cujanovic/SSRF-Testing

https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b

https://github.com/allanlw/svg-cheatsheet

http://blog.safebuff.com/2016/07/03/SSRF-Tips/

https://twitter.com/omespino/status/998603788020781056

https://twitter.com/trouble1_raunak/status/1216200502309871616

https://twitter.com/s0md3v/status/1210130223334715393

https://twitter.com/SMHTahsin33/status/1293601681834307584

https://twitter.com/HusseiN98D/status/1258217821693190154?s=20

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SSRF%20injection

SSRF Bypass list for localhost (127.0.0.1):

http://127.1/ http://0000::1:80/ http://[::]:80/ http://2130706433/ http://whitelisted@127.0.0.1 http://0x7f000001/ http://017700000001 http://0177.00.00.01

Also using a redirect to localhost will often work.

https://lab.wallarm.com/blind-ssrf-exploitation/

https://resources.securitycompass.com/blog/ssrf-as-a-service-mitigating-a-design-level-software-security-vulnerability-2

https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/

Threats & Research Archives - F-Secure BlogF-Secure Blog