SSRF via PDF? Now made easy.

(thread)
1. Go to @jonasl's GitHub and clone this repo. Can't paste the link, for some reason @twitter thinks it's malicious...
2. Copy Burp Collaborator URL to the clipboard.
3. Use as
4. Test file upload features with the generated PDFs.
5. PRO tip: On some endpoints, you need to provide base64 data.

You can use a search engine to find a PDF => Base64 converter. Use the base64 value in the input, usually via a POST request parameter.
6. Comment below if you know of other similar tools, for example for images!
7. If you enjoyed this thread, there's much more to come! So, stay tuned.

Like, retweet, and follow me @cristivlad25 for more.

#pentesting #appsec #infosec #cybersecurity #hacking #bugbountytips #bugbounty #ethicalhacking
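For the receiving side of the upload test in steps 4 and 5, here is an added example (not part of the original thread or the tool it mentions): a pre-render check that reports PDF keys and URLs able to trigger an outbound request, for raw or base64 uploads. The key list, the function names and the `example.invalid` host are assumptions chosen for illustration; the thread does not say which PDF features the generated files use.

```python
import base64
import re
import zlib

# PDF action/reference names that can make a renderer contact another host.
RISKY_KEYS = [b"/URI", b"/GoToR", b"/GoToE", b"/Launch", b"/SubmitForm",
              b"/ImportData", b"/JavaScript", b"/JS", b"/XFA"]
URL_RE = re.compile(rb"(?:https?|ftp|file)://[^\s<>()\[\]\"']+", re.I)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def _expand(pdf: bytes) -> bytes:
    """Raw bytes plus every stream that inflates as Flate (zlib)."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or encrypted: not examined here
    return b"\n".join(parts)


def inspect_upload(data: bytes, is_base64: bool = False) -> dict:
    """Report risky keys and URLs found in an uploaded (optionally base64) PDF."""
    if is_base64:
        data = base64.b64decode(data, validate=True)
    if not data.lstrip().startswith(b"%PDF-"):
        return {"pdf": False, "keys": [], "urls": []}
    body = _expand(data)
    keys = sorted(k.decode() for k in RISKY_KEYS
                  if re.search(re.escape(k) + rb"(?![A-Za-z])", body))
    urls = sorted({u.decode("latin-1") for u in URL_RE.findall(body)})
    return {"pdf": True, "keys": keys, "urls": urls}


# Constructed sample: a PDF fragment whose action points at a placeholder host.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /URI /URI (http://callback.example.invalid/x) >>\nendobj\n")

if __name__ == "__main__":
    print(inspect_upload(SAMPLE))
    print(inspect_upload(base64.b64encode(SAMPLE), is_base64=True))
```

A hit is a reason to quarantine the file or render it in a sandbox with no network egress; a clean result is not proof of safety, since hex-escaped names, encrypted documents and non-Flate filters are not decoded here.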
