Bypass SSRF protection with different encodings.

A thread.

🧵👇
1. Hex encoding.

If 127.0.0.1 is blocked, try 0x7f.0x0.0x0.0x1

2. Octal encoding.

If 127.0.0.1 is blocked, try 0177.0.0.01

3. Double word encoding.

If http://127.0.0.1 is blocked, try http://21307064334

4. URL encoding.

localhost can be represented as %6c%6f%63%61%6c%68%6f%73%74

5. Mixed/hybrid encoding.

A combination of different encoding types, such as octal with hex.

E.g.: 0177.0.0.0x1 is a representation of 127.0.0.1

Due credit to @vickieli7 for the above tips.

Source: vickieli.medium.com/bypassing-ssrf…
Hey, I'm Nithin 👋

I tweet on the following topics:

🔹 Cybersecurity
🔹 Blockchain and Crypto
🔹 Web Development and Tech
🔹 Books and Productivity

Follow @thebinarybot if any topic above interests you.

#bugbounty #bugbountytips #webdevelopment #100DaysOfCode #infosec
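
A defensive counterpart to the encodings listed in the thread, as an added example that is not part of the original thread: instead of matching strings, the filter percent-decodes the host and normalises every numeric form (hex, octal, dword, mixed) to one address before checking it. `BLOCKED_NAMES`, `canonical_ip` and `is_blocked` are names chosen for this example, and the parsing rules follow the classic `inet_aton` conventions.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

BLOCKED_NAMES = {"localhost"}  # assumption: names this filter refuses outright

def _number(tok):
    """One inet_aton-style field: 0x.. is hex, a leading 0 is octal, else decimal."""
    tok = tok.lower()
    if tok.startswith("0x"):
        digits, base = tok[2:], 16
    elif len(tok) > 1 and tok.startswith("0"):
        digits, base = tok[1:], 8
    else:
        digits, base = tok, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(tok)
    return int(digits, base)

def canonical_ip(host):
    """IPv4Address that a libc-style parser would connect to, or None for a name."""
    fields = host.split(".")
    try:
        nums = [_number(f) for f in fields]
    except ValueError:
        return None  # not purely numeric: treat as a DNS name
    if len(nums) > 4:
        return None
    *head, last = nums
    # Leading fields are one byte each; the last field fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        raise OverflowError("numeric host outside the IPv4 range")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_blocked(url):
    """True if the URL's host is an internal address under any encoding."""
    host = unquote(urlsplit(url).hostname or "").rstrip(".")
    if not host or host.lower() in BLOCKED_NAMES:
        return True
    try:
        ip = canonical_ip(host)
    except OverflowError:
        return True  # malformed numeric host: fail closed
    # Names must still have their resolved address checked at connect time.
    return ip is not None and not ip.is_global
```

The check covers IP literals and the `localhost` name only; a host name that passes here still has to be resolved and its address run through the same `is_global` test before the request is made.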



