A practical walkthrough of Server-Side Request Forgery (SSRF) covering core concepts, recognition patterns, and hands-on exploitation. It explains both regular and blind SSRF, the input types that commonly carry the vulnerability (URL parameters, hidden fields, hostnames, paths), and real-world features prone to SSRF such as webhooks and PDF generators. It then demonstrates a TryHackMe lab scenario in which a deny list is bypassed through path normalization (requesting x/../private) to reach a restricted /private endpoint; the server returns base64-encoded content that, once decoded, reveals the protected resource.
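The deny-list bypass described above works because the filter compares the raw request path against the blocked prefix while the server resolves dot segments before routing. The following added example (not code from the article or from the TryHackMe lab) contrasts a naive prefix check with one that percent-decodes and normalizes the path before consulting the deny list; the hostnames and the `/private` prefix are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed deny list: the application must never fetch its own /private endpoint.
DENIED_PREFIXES = ("/private",)


def naive_is_denied(url: str) -> bool:
    """Vulnerable check: compares the raw path, so '/x/../private' slips through."""
    path = urlsplit(url).path
    return any(path.startswith(prefix) for prefix in DENIED_PREFIXES)


def normalized_path(url: str) -> str:
    """Percent-decode and collapse '.' and '..' segments before any comparison."""
    path = unquote(urlsplit(url).path)
    norm = posixpath.normpath(path)  # '/x/../private' -> '/private', '' -> '.'
    if not norm.startswith("/"):
        norm = "/" + norm.lstrip(".")
    return norm


def hardened_is_denied(url: str) -> bool:
    """Hardened check: evaluates the path the server will actually route."""
    path = normalized_path(url)
    # Match the prefix as a whole segment so '/privateer' is not confused with '/private'.
    return any(path == p or path.startswith(p + "/") for p in DENIED_PREFIXES)


if __name__ == "__main__":
    for candidate in ("http://app.internal/private",
                      "http://app.internal/x/../private",
                      "http://app.internal/%2e%2e/private",
                      "http://app.internal/public"):
        print(candidate, naive_is_denied(candidate), hardened_is_denied(candidate))
```

Normalizing before the comparison closes the `x/../private` and percent-encoded variants, but a deny list remains a weaker control than an allow list of the exact hosts and paths the feature legitimately needs to reach.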

From infosecwriteups.com (8 min read)

Table of contents:
Understanding SSRF
Recognizing SSRF Patterns
Filtering and Bypasses
Putting SSRF Into Practice
