Server-Side Request Forgery (SSRF) Explained
HTML-код
- Опубликовано: 9 апр 2023
- Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
/ nahamsec
Free $100 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
Follow me on social media:
/ nahamsec
/ nahamsec
twitch.com/nahamsec
hackerone.com/nahamsec
/ nahamsec1
Github:
github.com/nahamsec
Nahamsec's Discord:
discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational Наука
hey Ben, we surely already love your content, but, for those like me, who are new to the industry, trying to learn and move forward, we need the technical, very basic content, this will help us understand more in depth how things goes. thank you again for the great content you are delivering, and for the amount of dedication you are putting in
When there is an issue or something you understand you should go down the rabbit hole and” master “ it. I’m sure you’re doing well now, this comment was a year ago! But this comment is for people just learning 😁
Content + real vulnerability example would be great 🔥
Never thought I could learn SSRF in a more comprehensive way by under 15 minutes! Thanks man!
Thanks! I'm glad it helped!
While I may not have commented before, I've been an avid admirer of your work. As an aspiring pentester, I find your technical content to be precisely what I seek. While your other content is commendable, it's ultimately the expertise you bring that I look up to for learning. Your contributions are truly appreciated.
As CEO of a startup please keep this stuff coming. It took a lot to convince the dev team that exploits weren’t just down to weak passwords so I arranged an in house demo. Jaws dropped. This stuff builds so much awareness. Thank you!
OFC it would be truly helpful to see more content like this
Yes, this is great. From a web developer perspective. I'm trying to under how my server side applications could be hacked and this is great content. Please, continue.
Fully in with technical vids, especially when you chain these with Real life vulns you have found 👌
Hey I absolutely love this, I would love to learn from more technical videos like this.
Content + real+technical aspect of pen testing and bug hunting .Thanks
100% both. I like the nuance you teach here. For example login page and SSRF. This is fantastic content.
Man, keep both coming.!! maybe pick a day to post technical and assign another day for the mentorship aspects or something... Either way ... BOTH ARE EQUALLY IMPORTANT FOR SUCCESS!! ...Also i would love a video on how to transfer from labs /ctf into hacking real world apps. As the fundamentals are the same or close but also very different in alot of ways.
More content is needed like this along with real life examples that you experienced during bug bounty or other testing application
Thank you very much, I hope you'll continue doing these kind of videos 😊
fantastic :o , i would like to see a full and advanced recon video from you :)
Yes, more content like this please 😁
Yea would love this type of content plz part 2
Waiting for this type of content ; please Continue Ben :)
Just what we need Ben 😊 thank you 👏🏻
Love this!
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
yes please, give us more content of this kind.
Thanks for helpful content! It would be great if u could do more specific showcases about blind SSRF. For example there is a case that I only receive the DNS queries back to the collab. I guess because of outbound restriction but it seems like the server was trying to reach to that domain. Any way in this case that you can prove the ssrf is there with just DNS? Or do you have any suggestion on setting up things in internal network to prove the vulnerability is there?
Was a long comment but hope u could imagine the case 😂 thanks
Perfect type of content 😃👍
Hi man, I would like to hear you how to do bug bounties exactly and maybe if you can show on live all the necessary steps to do it
Super down with more technical content!
We really want this explain bugs for beginners and give us some advice about the bug i really wish u make playlist for this !! thank u alot
Great Content; More Please 🤑
Haya!
I have quite a lot of experience in pentesting webapps, but i do not have any experience in hosting an instance of a webserver, securing it or being able to load an insecure server, but in a secure way cause we don't want a creepy scanner rooting it and being malicious when i want to test it :P
So my question, could you make a lill tutorial in how to, for example, use a docker or maybe host a site in different means through a Digital Ocean instance? :P
Would be fun to learn a little bit about it and then being able to pentest towards it. By learning this, one can use your knowledge to host a file hosting instance to make an RFI etc, which is a bit difficult without an outwards facing host ^^
Stay safe and happy late Easter!
Would love to see more technical content! TIA
we need more part of this
You are great bro
I love this content make more please
Yes more content like this pls
both content is fine and some free tutorials
stay consistent big bro
Preach!
More please!
I would like to see one of the vulnerabilities you have found and walk through the info gathering stage all the way to the post exploit while explaining the mindset/methodology
Soon :)
Part 2 please
😍
part 2? more content like this!
Epic, Part 2 please.
Hi NahamSec, I'm a regular viewer of your content.can you make video on business logic in dept!! waiting for it
more content like this please
more content like THIS!
I’d love more technical videos
Is Bola and idor the same type of vulnerability with different names
💙
More content like this 🙂🙏❤️🔥
East or West, naham is the best.
Ben One Suggestio | Make a precise playlist of OWASP TOP 10 2021 | Like a 10 min video / on each critical vulnerability
What to do if we don't have burp collaboraor ?
More part 2. Need more technical vids
more and more plz
part 2 or complete playlist on the web Vuln
More pls =)
Creat a playlist content like the types of vulnerabilities and bugs that are common or rate easy to hard like xss or account takover
It was awesome
Next xxe plz
MORE CONTENT !!!
More real bugbouty tech work
Part 2!
Part 2 please....
more content like thiss
More parts on this topic ..
more vcontent like this cover all top 10 owasp vulnerability please...
Drop video with all of the topic you mentioned in the video.
please post content like this...thank you
Vulnerability content or owasp top 10 pls
more content on web attacks
I think you should pivot to doing Unboxing Videos. If that's not in the cards then please keep the technical videos coming!
😊
More, more more real world how to once we have done recon. We need to know the steps on how to find bugs.
part 7 we want
Part two
More content
I would like to see basic contents like this.
PART 2 BRO DEFO
we need location traking tutorial
I love you naham
web hacking content more please
I reported my browser 😂
Both....
yup yup more tutorials for hacking and IT stuff how to do ore bypass
PART-2
Want more vdo
part 2
Part2
theory is all good but when it comes to practical i'm hopeless.
Part 2 ,,4,5,6,7,8,9,-----,99999
location hack
I make hacking videos
Bad explanation with a lot or wrong info
Part 2
part 2
Part 2