Find and Exploit Server-Side Request Forgery (SSRF)

34,784 views

The Cyber Mentor

1 day ago

00:00 Intro
00:36 How SSRF works
01:38 SSRF Lab
06:06 Finding SSRF
06:52 Avoid reporting false positives!
07:09 Scanning & fuzzing for SSRF
07:37 Blind SSRF
08:39 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com

Comments: 23
@TheIvalen 1 year ago
Well scripted and executed. I am liking these ‘byte’ sized tutorials and concept explanations. Very focused and worthwhile.
@weidup 1 year ago
This is amazingly done, what a great explanation in just 9 minutes. Awesome job guys, keep up the great work!
@sinisivasankaran2527 1 year ago
Extremely informative, detailed and to the point. Many thanks for this video.
@nblinthemix 1 year ago
What a nice video! Keep up the good work!
@steve0ro 1 year ago
Absolutely love the content. I've had issues understanding SSRF. Just wasn't making much sense. Until now. Please release more of this content!! 110% support
@kartiksharma6821 1 year ago
This type of series is good. Keep it up.. 👍👍👍
@goktugserez3116 1 year ago
Awesome video. Thanks liveoverflow!
@vanessateixeira4460 1 year ago
Awesome class :D
@Z0nd4 11 months ago
External Service Interaction and Blind SSRF, real stuff. I found those on a pentest recently. Difficult to get evidence for impact. Thanks for the video!
@j4ck_d4niels 1 year ago
Awesome class
@mrnightout 1 year ago
Useful thanks
@haxguy0 1 year ago
Neat thanks!
@googleadmin4749 1 month ago
In one of the videos, I watched a browser extension to change the proxy, as a result, now on Linux I can't bring these proxies back in the update program after deleting the extension, can you remind me which extension the author uses?
@indianfromsouth7756 1 year ago
Came in here to see Heath but got a very good video nonetheless 😊 🤠 Good content and explanation sir 🙂 a humble request to make a video on new tools like nuclei, rustscan, feroxbuster and so on 🙏 Basically tools made off Rust or Go rather than Python 👍
@JoeHellethemayor 1 year ago
Eww, Rust. 🤣
@indianfromsouth7756 1 year ago
@JoeHellethemayor I am blaming TCM for doing this to me through the practical web application security course by Michael Taggart and his streams as well 😂😂😂
@dadquestionmark 1 year ago
He’s explaining a concept and a common web application vulnerability, which is way more valuable than just showing off a specific tool. If you understand a concept, then the tooling becomes secondary (as it should).
@sebastiaanrothman7667 1 year ago
Please for the love of all things good, create a full course at this level. I've been looking for something that actually explains these things at this level as opposed to just running through a demo, making things happen and not actually explaining what's happening.
@abhipandit4845 1 year ago
Sir, when do I want to download this video, please tell me how?
@camgrimsec 1 year ago
mashallah
@physicsyeah1596 1 year ago
HOW TO MAKE Phishing SIT CAN YOU make right video on it please
@massylii 1 year ago
❤️👌❤️
@physicsyeah1596 1 year ago
Hi sir