I posted a thread on SSRF protection bypasses with different encodings yesterday.

But there's a lot more you can do to bypass filters.

Let's look at some of them below. ( Also, comment your most used and favourite bypasses )

🧵👇
1. DNS Pinning

To get an A-record that resolves to an IP, use the following subdomain.

make-<IP>-rr.1u.ms
2. Bypass with Open Redirection

Eg. /nextPage?path=192.168.0.10/secretInfo
3. If SSRF allows only whitelisted domains, try these

3.1 https://expected-host@evil-host
3.2 https://evil-host#expected-host
3.3 https://expected-host.evil-host
3.4 Combining them together : evil-host%09expected-host
4. Use IPv4 mapped IPv6 addresses

Eg. [::ffff:127.0.0.1] , [::ffff:7f00:1]
5. Use enclosed alphanumerics

Eg : ⑫7。⓪.𝟢。𝟷
The idea is to be creative in bypassing blacklisted functionality, and if a whitelist is used, try the different bypasses presented in point 3.
Hey, I'm Nithin 👋

I tweet on the following topics :

🔹 Cybersecurity
🔹 Blockchain and Crypto
🔹 Web Development and Tech
🔹 Books and Productivity

Follow @thebinarybot if any topic above interests you.

#bugbounty #bugbountytips #webdevelopment #100DaysOfCode #infosec
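From the defender's side, every trick in points 1 and 3 to 5 works against filters that match on the URL string instead of on the host the client actually connects to. The sketch below is an added example, not code from the thread: it parses the URL once, normalises the host, compares it exactly against an allow-list, and checks the resolved addresses. The names `check_url`, `canonical_host`, `sample_resolve` and the resolver data are assumptions made for the example.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

UNICODE_DOTS = "\u3002\uff0e\uff61"  # full stops that IDNA-aware clients treat as "."

def canonical_host(url):
    """Return the host a client would connect to, or None if the URL is ambiguous."""
    if any(c.isspace() for c in url):
        return None                                # raw tab/newline inside the URL
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return None
    if parts.username is not None or "%" in host:
        return None                                # userinfo (3.1) or %09 in host (3.4)
    host = unicodedata.normalize("NFKC", host)     # enclosed/styled digits -> ASCII (5)
    for dot in UNICODE_DOTS:
        host = host.replace(dot, ".")
    return host.lower().rstrip(".")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)      # ::ffff:127.0.0.1 -> 127.0.0.1 (4)
    if mapped is not None:
        ip = mapped
    return not ip.is_global

def check_url(url, resolve, allowed_hosts=None):
    """resolve(host) -> list of IP strings; injected so the example runs offline."""
    host = canonical_host(url)
    if host is None:
        return "rejected: ambiguous URL"
    if allowed_hosts is not None and host not in allowed_hosts:
        return "rejected: host not on allow-list"  # exact match, never substring (3.2, 3.3)
    try:
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        addrs = resolve(host)                      # judge what the name resolves to (1)
    if not addrs or any(is_internal(a) for a in addrs):
        return "rejected: internal address"
    return "ok"

# Constructed resolver data; 8.8.8.8 stands in for "some public address".
SAMPLE_DNS = {"make-127.0.0.1-rr.1u.ms": ["127.0.0.1"], "expected-host": ["8.8.8.8"]}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

In a real fetcher the request should be sent to the address that passed the check rather than resolving the name a second time, and automatic redirects should be disabled so each `Location` target (point 2) goes through `check_url` again.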
