Video: Understanding SSRF: Server Side Request Forgery Vulnerability (TryHackMe), video No. 38 in the Web PenTesting course by the Motasem Hamdan Cyber Security & Tech channel (free, certified, online)
Server Side Request Forgery (SSRF) is a vulnerability that allows an attacker to abuse a vulnerable server to make HTTP requests to internal systems that are normally protected by a firewall. It is particularly dangerous because it enables indirect access to internal resources by relaying requests through the vulnerable web application.
Writeup
https://motasem-notes.net/understanding-ssrf-server-side-request-forgery-vulnerability-tryhackme/
00:00 - Introduction to SSRF and TryHackMe Room
00:35 - What is SSRF and How it Works
01:55 - Vulnerable PHP and Python Code Examples
03:30 - Goals of SSRF Attacks
04:15 - Testing with a Basic SSRF Payload
05:26 - Using IPv6 Format to Bypass Filters
06:34 - Advanced SSRF Filtering and Bypasses
07:11 - Using Decimal IP Representation
08:21 - Realistic SSRF Challenges and Objectives
09:00 - Reading Sensitive Files via SSRF
10:14 - Identifying Users from /etc/passwd
10:26 - SSRF-Based Port Scanning Explained
11:00 - Writing and Running an SSRF Port Scanner Script
12:35 - Interpreting Port Scanner Output
13:00 - Summary: Users and Open Ports
13:10 - What’s Next: Exploring Force Browsing & API Bypassing