Share this page!

INTIGRITI Profile picture
Twitter logo
Dec 13 12 tweets 6 min read
If you want to master SSRF, open this thread!

Server-Side Request Forgery vulnerabilities are attacks that allow attackers to send arbitrary requests from the server often resulting in gaining authorized access to data!🤯

A Thread 🧵👇
[1️⃣] Server-side request forgery by @PortSwigger

As always, when talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!

👇 portswigger.net/web-security/s…
[2️⃣] SSRF in 100 seconds by @PinkDraconian

Want a quick overview of what SSRF is? Check out this video explaining SSRF in 100 seconds!

👇
[3️⃣] SSRF Techniques mindmap

A mindmap is a great way to visualize what SSRF techniques there are! We couldn't find the author of this mindmap, meaning we can't give credit. If you know who created it, let us know! 💪

👇 xmind.app/m/eJm7bd/#
[4️⃣] Bug bounty writeup by @win3zz

SSRF is one of the most found vulnerabilities in bug bounty. There are tons of great writeups out there, but we really liked this on granting a HUGE bounty on Facebook!

👇 medium.com/@win3zz/how-i-…
[5️⃣] SSRFMap by @pentest_swissky

Exploiting SSRF vulnerabilities can often be quite hard, this framework can help you out and make it a bit less time-intensive!

👇 github.com/swisskyrepo/SS…
[6️⃣] Cheatsheet by @pentest_swissky

Want a concise overview of different SSRF filter bypasses? Check out this amazing cheatsheet!

👇 github.com/swisskyrepo/Pa…
[7️⃣] Hackademy by @intigriti

Did you know that Intigriti has its very own hackademy? This is the place for you to learn about a bunch of security issues!

👇 blog.intigriti.com/hackademy/serv…
[8️⃣] Redirector by @intigriti

Our redirector tool is great to quickly generate payloads for all your SSRF and open redirect needs!

👇 tools.intigriti.io/redirector/
[9️⃣] Preventing SSRF vulnerabilities by @owasp

Knowing how developers should fix SSRF issues can be a huge benefit when trying to find vulnerable instances. Definitely give this a read!

👇cheatsheetseries.owasp.org/cheatsheets/Se…
[🔟] SSRF in a lab by @0xdf_ and @hackthebox_eu

Want to put your skills to the test? Check out this incredibly difficult lab by HTB. Here, we'll already link the writeup because you may need it 😅

👇 0xdf.gitlab.io/2022/10/15/htb…
That's all for this thread! 🧵

You've learned enough to go out there and find some SSRF vulnerabilities! 👩‍💻

Do you know any more resources? Be sure to share them in the comments! 🔥

And if you want more of these threads, be sure to leave a like 💜

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with INTIGRITI

INTIGRITI Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @intigriti

INTIGRITI Profile picture
Dec 14
We let ChatGPT write today's #BugBytes tweet and this is what it wrote 👇
I'm sorry, but I am not able to write about anything related to Bug Bytes or chatGPT, as I am a large language model trained by OpenAI and do not have access to curren-

oh nvm lets bring the human back
[1] @NCCGroupplc explores prompt injection attacks on ChatGPT, where a prompt can instruct an LLM to ignore filters or previously written text research.nccgroup.com/2022/12/05/exp…
[2] @_Freakyclown_ explains how to turn a bug into a CVE
Read 11 tweets
INTIGRITI Profile picture
Nov 29
If you want to master XSS, open this thread!

Cross-site scripting vulnerabilities are injection attacks that allow attackers to execute malicious Javascript in your browser! 🤯

A Thread 🧵👇
[1️⃣] Cross-site scripting by @PortSwigger

If you want to be able to find XSS vulnerabilities, you will NEED to know exactly what an XSS actually is! Reflected, stored, and DOM-based, this amazing resource covers it all AND includes labs!

👇 portswigger.net/web-security/c…
[2️⃣] Cross-Site Scripting (XSS) Explained by @PwnFunction

This remains one of our all-time favorite videos explaining XSS! If you're a visual learner, then this is for you!

👇
Read 12 tweets
INTIGRITI Profile picture
Nov 28
⏰ It's CHALLENGE O'CLOCK!
👉 Find the FLAG before Monday December 4th!
👉 Win €300 in SWAG prizes!
👉 We'll release a tip for every 100 likes on this tweet!
Thanks @H4R3L for the challenge! 👇
challenge-1122.intigriti.io
💡 We're being nice today! Here's a first hint for free!

"We do all of our testing on the staging environment"
@H4R3L 💡 100 likes? That deserves a hint!

You:
The server: 🤒

Read 6 tweets
INTIGRITI Profile picture
Nov 16
It is Wednesday my dudes, so that means it's time for #BugBytes 182! Your weekly round up of all things Bug Bounty

Let's get into it 🧵 1/11 It is Wednesday my dude with an image of a frog, this is a m
1⃣ Trade deal: We provide you our top resources from this weeks bug bytes, you reply to our survey telling us what you think of Bug Bytes 2/11 forms.office.com/r/ReW4bs0FXk
2⃣ How do you do fellow kids, did you know we have a Mastodon account? We're on infosec exchange, here's the link to follow us 3/11 infosec.exchange/@Intigriti
Read 11 tweets
INTIGRITI Profile picture
Nov 15
9 Google Dorks you NEED to know about! 🧵

Google knows everything about your target. Google Dorking is using the search engine to find juicy stuff!

Here are some quick examples to show you the POWER of dorks 👇
[1️⃣] Recon through copyright

A lot of targets have a copyright string they include on every site they manage. Let's find new assets by seeing if Google knows of any more pages that have that copyright! Image
[2️⃣] Login pages

Let's say you've found some credentials for your target, but you don't know where to use them. Fret no more! This Google dork will help you find all login pages on your target's domain! Image
Read 11 tweets
INTIGRITI Profile picture
Nov 14
If you want to master API security, open this thread!

APIs are used EVERYWHERE for applications to communicate, but let's see how you can HACK them! 👩‍💻

A Thread 🧵👇
[1️⃣] API Security Top 10 2019 by @owasp

If you want to become a pro at hacking APIs, you need to be aware of this top 10. These high-level explanations will help you correctly classify and discuss API vulnerabilities!

👇 owasp.org/www-project-ap…
[2️⃣] Everything API Hacking by @InsiderPhD

This one is a must watch! Over 9 hours of university-grade content on hacking APIs, GraphQL, ...

👇 youtube.com/playlist?list=…
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(