About 51 results
Open links in new tab
  1. portswigger.net
    https://portswigger.net › web-security › ssrf

    Server-side request forgery (SSRF) - PortSwigger

    Server-side request forgery (SSRF) In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF …

  2. portswigger.net
    https://portswigger.net › web-security › learning-paths › ssrf-attacks

    Server-side request forgery (SSRF) attacks - PortSwigger

    Server-side request forgery (SSRF) attacks This learning path teaches you about server-side request forgery (SSRF). You'll learn about its impact, common techniques used in attacks, and how to defend …

  3. portswigger.net
    https://portswigger.net › web-security › ssrf › blind

    Blind SSRF vulnerabilities | Web Security Academy - PortSwigger

    Blind SSRF vulnerabilities In this section, we'll explain what blind server-side request forgery is, describe some common blind SSRF examples, and explain how to find and exploit blind SSRF vulnerabilities. …

  4. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-localhost

    Lab: Basic SSRF against the local server - PortSwigger

    Server Side Request Forgery - SSRF. What is it? How does it work? Basic SSRF against local server.

  5. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflow › v…

    Testing for SSRF vulnerabilities with Burp Suite - PortSwigger

    Apr 10, 2026 · Professional Community Edition Testing for SSRF vulnerabilities with Burp Suite Last updated: April 10, 2026 Read time: 1 Minute Server-side request forgery (SSRF) is a web security …

  6. portswigger.net
    https://portswigger.net › web-security › ssrf › url-validation-bypass-cheat-sheet

    URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 …

    URL validation bypass cheat sheet This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS misconfigurations, …

  7. portswigger.net
    https://portswigger.net › web-security › all-labs

    All labs | Web Security Academy - PortSwigger

    LAB PRACTITIONER SSRF with blacklist-based input filter LAB PRACTITIONER SSRF with filter bypass via open redirection vulnerability LAB EXPERT Blind SSRF with Shellshock exploitation LAB

  8. portswigger.net
    https://portswigger.net › ... › desktop › testing-workflow › vulnerabilities › ssrf › …

    Testing for SSRF with Burp Suite - PortSwigger

    2 days ago · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location. SSRF vulnerabilities …

  9. portswigger.net
    https://portswigger.net › web-security › xxe

    XML external entity (XXE) injection - PortSwigger

    XML external entity (XXE) injection In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, …

  10. portswigger.net
    https://portswigger.net › web-security › xxe › lab-exploiting-xxe-to-perform-ssrf

    Lab: Exploiting XXE to perform SSRF attacks - PortSwigger

    This endpoint can be used to retrieve data about the instance, some of which might be sensitive. To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server's IAM …

Content was generated with AI. Learn more