About 4,650 results
Open links in new tab
  1. portswigger.net
    https://portswigger.net › web-security › ssrf

    Server-side request forgery (SSRF) - PortSwigger

    In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF ...

  2. portswigger.net
    https://portswigger.net › web-security › learning-paths › ssrf-attacks

    Server-side request forgery (SSRF) attacks - PortSwigger

    This learning path teaches you about server-side request forgery (SSRF). You'll learn about its impact, common techniques used in attacks, and how to defend against them.

  3. portswigger.net
    https://portswigger.net › web-security › ssrf › blind

    Blind SSRF vulnerabilities | Web Security Academy - PortSwigger

    In this section, we'll explain what blind server-side request forgery is, describe some common blind SSRF examples, and explain how to find and exploit blind SSRF vulnerabilities.

  4. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-local…

    Lab: Basic SSRF against the local server - PortSwigger

    Lab: Basic SSRF against the local server LAB APPRENTICE Basic SSRF against the local server

  5. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflo…

    Testing for SSRF vulnerabilities with Burp Suite - PortSwigger

    Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  6. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflo…

    Testing for SSRF with Burp Suite - PortSwigger

    Dec 16, 2025 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  7. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-back…

    Lab: Basic SSRF against another back-end system

    Lab: Basic SSRF against another back-end system LAB APPRENTICE Basic SSRF against another back-end system

  8. portswigger.net
    https://portswigger.net › research › listen-to-the-whispers

    Listen to the whispers: web timing attacks that actually work

    Aug 7, 2024 · The single biggest breakthrough in this research was when I realized I could use timing to detect a widely overlooked type of SSRF. Back in 2017, I researched techniques to …

  9. portswigger.net
    https://portswigger.net › web-security › ssrf › url-validation-bypass-cheat …

    URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 …

    URL validation bypass cheat sheet This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS …

  10. portswigger.net
    https://portswigger.net › research › introducing-the-url-validation-bypass …

    Introducing the URL validation bypass cheat sheet - PortSwigger

    Sep 3, 2024 · URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using …

Content was generated with AI. Learn more