In this video I demonstrate how a Server-Side Request Forgery (SSRF) attack works, including how a Cross-Site Port Attack (XSPA) looks like in Wireshark, and I also cover the installation of XVWA.
There’s a lot to learn in this video if you look closely, as I cover a bit more than just the basics of SSRF.
Disclaimer: Explicit written permission should be obtained if you are going to test a system that you do not legally own. A lot of websites have a “bug bounty program” these days, which allow you to test websites of big companies, as long as you follow their pentest engagement rules. (Refer to e.g. HackerOne)
– Josh (First elite supporter!)
– VMware (https://www.vmware.com/go/downloadplayer)
– Kali Linux (http://kali.org)
– XVWA (https://github.com/s4n7h0/xvwa)
– Google Docs Sheet: https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
Stay tuned and subscribe for upcoming video about various types of hacks!