Find and Exploit Server-Side Request Forgery (SSRF)

  • Published: 11 Jul 2024
  • 00:00 Intro
    00:36 How SSRF works
    01:38 SSRF Lab
    06:06 Finding SSRF
    06:52 Avoid reporting false positives!
    07:09 Scanning & fuzzing for SSRF
    07:37 Blind SSRF
    08:39 Outro

Comments • 25

  • @TheIvalen 1 year ago +16

    Well scripted and executed. I am liking these ‘byte’ sized tutorials and concept explanations. Very focused and worthwhile.

  • @weidup 1 year ago +2

    This is amazingly done, what a great explanation in just 9 minutes. Awesome job guys, keep up the great work!

  • @sinisivasankaran2527 1 year ago

    Extremely informative, detailed and to the point. Many thanks for this video.

  • @nblinthemix 1 year ago +3

    What a nice video! Keep up the good work!

  • @kartiksharma6821 1 year ago +2

    This type of series is good. Keep it up.. 👍👍👍

  • @goktugserez3116 1 year ago +2

    Awesome video. Thanks liveoverflow!

  • @steve0ro 1 year ago +2

    Absolutely love the content. I've had issues understanding SSRI. Just wasn't making much sense. Until now. Please release more of this content!! 110% support

  • @vanessateixeira4460 1 year ago +2

    Awesome class :D

  • @Z0nd4 1 year ago

    External Service Interaction and Blind SSRF, real stuff. I found those on a pentest recently. Difficult to get evidence for impact. Thanks for the video!

  • @j4ck_d4niels 1 year ago +1

    Awesome class

  • @mrnightout 1 year ago

    Useful thanks

  • @haxguy0 1 year ago

    Neat thanks!

  • @googleadmin4749 3 months ago

    In one of the videos, I watched a browser extension to change the proxy, as a result, now on Linux I can't bring these proxies back in the update program after deleting the extension, can you remind me which extension the author uses?

  • @abhipandit4845 1 year ago

    Sir, when do I want to download this video, please tell me how?

  • @camgrimsec 1 year ago

    mashallah

  • @AnthonyMcqueen1987 22 days ago +1

    You should do a video on the SSRF tool called SSRFMap

  • @physicsyeah1596 1 year ago

    HOW TO MAKE Phishing SITE CAN YOU make right video on it please

  • @sebastiaanrothman7667 1 year ago +3

    Please for the love of all things good, create a full course at this level. I've been looking for something that actually explains these things at this level as opposed to just running through a demo, making things happen and not actually explaining what's happening.

  • @indianfromsouth7756 1 year ago +8

    Came in here to see Heath but got a very good video nonetheless 😊 🤠 Good content and explanation sir 🙂 a humble request to make a video on new tools like nuclei, rustscan, feroxbuster and so on 🙏 Basically tools made of Rust or Go rather than Python 👍

    • @JoeHellethemayor 1 year ago +2

      Eww, Rust. 🤣

    • @indianfromsouth7756 1 year ago +3

      @JoeHellethemayor I am blaming TCM for doing this to me through the practical web application security course by Michael Taggart and his streams as well 😂😂😂

    • @dadquestionmark 1 year ago

      He’s explaining a concept and a common web application vulnerability, which is way more valuable than just showing off a specific tool. If you understand a concept, then the tooling becomes secondary (as it should).

  • @massylii 1 year ago

    ❤️👌❤️

  • @physicsyeah1596 1 year ago

    HI sir