About 56 results
Open links in new tab
  1. portswigger.net
    https://portswigger.net › web-security › ssrf

    Server-side request forgery (SSRF) - PortSwigger

    In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF ...

  2. portswigger.net
    https://portswigger.net › web-security › learning-paths › ssrf-attacks

    Server-side request forgery (SSRF) attacks - PortSwigger

    This learning path teaches you about server-side request forgery (SSRF). You'll learn about its impact, common techniques used in attacks, and how to defend against them.

  3. portswigger.net
    https://portswigger.net › web-security › ssrf › blind

    Blind SSRF vulnerabilities | Web Security Academy - PortSwigger

    In this section, we'll explain what blind server-side request forgery is, describe some common blind SSRF examples, and explain how to find and exploit blind SSRF vulnerabilities.

  4. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-localhost

    Lab: Basic SSRF against the local server - PortSwigger

    Server Side Request Forgery - SSRF. What is it? How does it work? Basic SSRF against local server. - YouTube Server Side Request Forgery - SSRF. What is it? How does it work? Basic SSRF against …

  5. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflow › ssrf

    Testing for SSRF vulnerabilities with Burp Suite - PortSwigger

    Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  6. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflow › s…

    Testing for SSRF with Burp Suite - PortSwigger

    Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  7. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-backend-s…

    Lab: Basic SSRF against another back-end system

    Lab: Basic SSRF against another back-end system LAB APPRENTICE Basic SSRF against another back-end system

  8. portswigger.net
    https://portswigger.net › web-security › xxe › lab-exploiting-xxe-to-perform-ssrf

    Lab: Exploiting XXE to perform SSRF attacks - PortSwigger

    This endpoint can be used to retrieve data about the instance, some of which might be sensitive. To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server's IAM …

  9. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-ssrf-with-blacklist-filter

    Lab: SSRF with blacklist-based input filter - PortSwigger

    This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user …

  10. portswigger.net
    https://portswigger.net › web-security › ssrf › url-validation-bypass-cheat-sheet

    URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 …

    Sep 30, 2025 · URL validation bypass cheat sheet This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS …

Content was generated with AI. Learn more