# Server Side Request Forgery (SSRF) **Blogs / Articles:** * SSRF Bible - * * * * * * * * * * * * * * * Blind SSRF - * Bypasses - * * [**https://secureitmania.medium.com/an-unknown-linux-secret-that-turned-ssrf-to-os-command-injection-6fe2f4edc202**](https://secureitmania.medium.com/an-unknown-linux-secret-that-turned-ssrf-to-os-command-injection-6fe2f4edc202) * [**https://bughunter25.medium.com/a-tale-of-html-to-pdf-converter-ssrf-and-various-bypasses-4a3e11030c77**](https://bughunter25.medium.com/a-tale-of-html-to-pdf-converter-ssrf-and-various-bypasses-4a3e11030c77) * [**https://chawdamrunal.medium.com/how-i-exploit-out-of-band-resource-load-http-using-burp-suite-extension-plugin-taborator-2c5065d6a50b**](https://chawdamrunal.medium.com/how-i-exploit-out-of-band-resource-load-http-using-burp-suite-extension-plugin-taborator-2c5065d6a50b) * [**https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/**](https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/) * [**https://notifybugme.medium.com/chaining-an-blind-ssrf-bug-to-get-an-rce-92c09de3c0ba**](https://notifybugme.medium.com/chaining-an-blind-ssrf-bug-to-get-an-rce-92c09de3c0ba) **Cheatsheets / Guides:** * * * * **Tips / Twitter Threads:** * * * * SSRF Breakpoints - * SSRF - bypass * **Tools / Payloads:** * * [
](https://twitter.com/subhajitsaha0x/status/1257728798914523136) ![https://twitter.com/m4ll0k/status/1328375464281452547](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEKThEuWhi5FGHtpiR%2F-MWEKfnWh_h1Vu5Yhzuu%2Fimage.png?alt=media\&token=0ab697c9-617d-4566-abf9-359c2b03e3b1) [SSRF Bypass list for localhost (127.0.0.1):](https://twitter.com/LooseSecurity/status/1331270289733324805) [http://127.1/ http://0000::1:80/ http://\[::\]:80/ http://2130706433/ http://whitelisted@127.0.0.1 http://0x7f000001/ http://017700000001 http://0177.00.00.01](https://twitter.com/LooseSecurity/status/1331270289733324805) [Also using a redirect to localhost will often work.](https://twitter.com/LooseSecurity/status/1331270289733324805) ![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEMGB46Flk9NqS-1jg%2F-MWEMWLJdlCBA_gM4sfa%2Fimage.png?alt=media\&token=37d5737c-dfd6-4b73-bb55-bb40d5b5603a) ![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEQ_IwLCeelt8OKriS%2F-MWEUUW5hLKRY3EmP52W%2Fimage.png?alt=media\&token=cc32e210-6677-4fe5-a0cd-b7487bcf3ad9) {% embed url="" %} {% embed url="" %} {% embed url="" %} Blind - {% embed url="" %} {% embed url="" %} * * * ```

```