
In this video, we cover Lab #1 in the SSRF module. This application's stock check feature is vulnerable to SSRF. To solve the lab, we change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.
In this video, we cover Lab #2 in the SSRF module. This application's stock check feature is vulnerable to SSRF. To solve the lab, we use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.
In this video, we cover Lab #3 in the SSRF module. This application's stock check feature is vulnerable to SSRF. The developer has deployed two weak anti-SSRF defenses that will need to be bypassed. To solve the lab, we bypass the defenses and change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.
In this video, we cover Lab #4 in the SSRF module. This application's stock check feature is vulnerable to SSRF. The developer has deployed an anti-SSRF defense that will need to be bypassed. To solve the lab, we bypass the defenses and change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.
In this video, we cover Lab #5 in the SSRF module. This application's stock check feature is vulnerable to SSRF. The stock checker has been restricted to only access the local application, so we will need to find an open redirect affecting the application first. To solve the lab, we use the open redirect vulnerability to exploit the SSRF vulnerability and change the stock check URL to access the admin interface at http://192.168.0.12:8080/admin and delete the user carlos.
In this video, we cover Lab #6 in the SSRF module. This site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded. To solve the lab, we use this functionality to cause an HTTP request to the public Burp Collaborator server.
In this video, we cover Lab #7 in the SSRF module. The site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded. To solve the lab, we use this functionality to perform a blind SSRF attack against an internal server in the 192.168.0.X range on port 8080. In the blind attack, we use a Shellshock payload against the internal server to exfiltrate the name of the OS user.
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to coerce the application into making requests to unintended locations. SSRF attacks are typically used to establish connections with internal services, which are safeguarded by firewalls within an organization's infrastructure. This could result in sensitive data exposure, denial of service attacks, and in the most severe cases, remote code execution.
SSRF is ranked as the 10th most critical security risk facing web applications today according to the OWASP Top 10 list. Therefore, mastering the ability to identify and exploit SSRF vulnerabilities has become an essential and foundational skill.
In this course, we dive into the technical details behind SSRF vulnerabilities. We explore methods for detecting these vulnerabilities from both black-box and white-box perspectives, along with various techniques for exploiting them. Moreover, we provide insights into preventive and mitigative measures to safeguard against SSRF attacks.
This course goes beyond the basics, offering a well-balanced blend of theoretical knowledge and practical experience! It contains seven hands-on lab exercises of varying complexity levels, guiding you through the process of manually exploiting the vulnerability and then scripting and automating your exploits using Python.
By the end of this course, you'll not only have a solid understanding of SSRF vulnerabilities, but also the ability to identify and exploit these vulnerabilities in real-world applications. We've designed the course content to be beginner-friendly, so you'll never feel overwhelmed.
Whether you are a penetration tester, an application security specialist, a bug bounty hunter, a software developer, an ethical hacker, or simply someone intrigued by web application security, this course is for you!