Don't make random HTTP requests. 

This is the BEST explanation of SSRF I've ever heard and I finally understand it now. Thank you.

This channel is heavily underrated

the funny thing about this channel is that it always flew under my radar because i thought by the graphics in the thumbnails that it wouldn't dive too deep into the topics. I guess I'll never judge a book by its cover again. Real nice vid, keep it up!

I swear i've heard someone jokingly say "CRLF injection" before, and although i've seen that fuck with UI only intended for single lines (chat text boxes in some games, Muck for example and you can impersonate others in chat), but i never thought it would be an actual security vulnerability in a real application that can actually cause damage without another human element lol

I love this videos. Every time I see one I understand around 30% of what he's saying but I'm still watching 'till the end.

Just found your channel and I think it's heavily underrated. Keep making more videos plz, even tho I don't do security stuff myself I find it really interesting and your explanations are super easy to understand for noobs like me too. Love it!

11:50 rubocop reported that line for a reason apparently.

Great video, thank's for introducing SSRFs in a practical, hands on and easy to understand way.

So remember when connecting to random URLs: Either bind your client to an IP which only has public internet access (i.e. via firewall settings); Use a client library which has an option to only connect to public addresses (or can do so via an access control callback); Or funnel all the requests through a proxy which denies access to any internal addresses.

Really great video. I love your editing skills, so slick, nice job.

I'm constantly surprised by the amount of languages and frameworks that allow executing any string you give them

This one is definitely make my day...!

this channel is as good as it gets man, props

I was in the middle of this video, but I set it down and when I came back, the video was off youtube. Glad to see its back so I can finish it lmao

Cool video, and your english is terrific. I almost didn’t notice that you weren’t a native english speaker.

2:38 Hold-up a second. That’s a Python REPL, but my god it’s beautiful. How was this magic accomplished?!

"Kinda like, you know, when you were young and you want those beers but you were underage" No, sir, I dont. I'm an European

Amazing work my brother! Lots of Love! Keep making awesome contents like this.

Thank you for these explanations. I was waiting for a video on this type of problem. Your diagrams and your speech (rather slow) are a plus for me which sucks in English: ').

FINALLY guys he uploaded!

Self generated code execution is considered a extremely useful feature in interpretive languages, and I don't see it disappearing. However one does wonder if it's a fools errand arising out of lazy thinking. You can add a lot of power for very little effort this way but the unnoticed security envelope (usually) requiring executable code to sit in OS protected memory is bypassed in any kind of interpreter. This violates the implied security model of the Von-Neuman/Harvard architectures. So the security model never taking into account interpreters is actually responsible for the problem to start with. Browsers should never have been enabled to run interpreted scripts either (go ahead and laugh, but I'm deadly serious). I was pretty amazed when HTML appeared in the 1980s as uncompiled & unencrypted, but when Netscape introduced Javascript I pretty well fell off my chair. My suspicions were confirmed when I subsequently learned HTML was invented by a self taught non-computer professional. The danger of interpreters were already quite apparent to me after just 4 months into my IT career on the DecSystem-10. The TECO editor (aka 'vi') used a privileged operation that could allow TECO code to receive passwords in a fake login attempt. Only a privileged program like TECO could do this, but TECO was an editor with its own interpretive language. All SSRFs work this same way. Interpreters that allow (new) code execution are a really really bad idea. There is simply no need for it, although, its makes a FEW difficult things much much easier without having to write code for, at the expense of violating the fundamental computer architecture security model.

I have been waiting for a new video from this channel. Very good content and explanation, nice animation and voice

I am from a software engineering background got interested in cybersecurity too now.

One of the reasons you should enable password authentication on your Redis and separate your automation from your environments. Here is one of the biggest risk in some companies, having a central user that has admin access to an entire Kubernetes or ECS cluster. If the credentials or token of this user becomes compromised, the attacker will essentially have full control over your entire cluster. We should probably also separate hackers into 2 categories: - People who want to do damage - People who want to gather valuable information *Hacker (Gatherer)* Large quantities of categorized accurate data is extremely valuable. Many companies big or small store general user data, such as overall sales data to determine which products does a majority of their clients like and try to cater to the larger audience. There are usually big data based systems that uses these datasets to build statistical models to help make sense of a majority of this data. Now for the hacker gathering data, if they somehow got a hold of these datasets, they could sell it to the competitors of the company they stole from, thus now using that data to push specific products out to the same customers faster, making themselves look better. A strange strategic tactic of stealing another company's customer base. *Hacker (Attacker)* The common malicious Attacker could attempt a similar thing but with a different route. They can simply be paid by a company to shut down or to compromise their competitors. For one if they somehow got access to those same datasets, they could simply permanently delete that data, crippling the vision of the competitor. When a company does not know whats happening in their own sales, they may bring out products that the clients won't buy, costing the competitor insane amounts of lost revenue. Or if the attacker somehow got access to the system, they could be paid by a company to simply cripple critical systems of their competitor. If the competitor can't make sales or has a crappy service, then the customer base would most likely flock to whatever works. *Conclusion* Think of it this way, if you suddenly can't use Google, what other search engine would you use? Probably bing or duckduckgo, right?

Welcome back Hope you fine and dandy?

You give me such LiveOverflow vibes haha I like it

where are the comments?

3:07 “there is an old talk, but still great” Talk is from Jan 9, 2020 👀 … one really has to awe that in tech we move so fast that a year old talk is considered old. Borderline outdated. Now the doctors office that happily works with best practices learned at college 15 years ago needs to defend against this world. 😅 ehm… yeah, my bet is on black

Your channel has helped me out greatly. Tysm!

hey man we are waiting for the binary exploitation series !

at 12:53 you are giving redis port 6379 but in terminal when you check at 13:18 port number is 1337 that it is connected to could you please explain this

Probably the Best Explanation So far, Thanks bud

Good vid bud, thanks for making it! And have a nice day

This video somehow shows as uploaded 6 months ago. Good explanation

I finally understand why Roblox doesn’t allow requests to their own domain through Roblox game servers.

Este compa es la pinga, me fascinan tus vídeos

This is top tier contents, keep it up!!!!

Isn't the JSONified class also insecure deserialization? Ruby executes whatever it sees in the function of that class, so that is insecure deserialization right? The complete vulnerability chain in this case would then be SSRF + CRLF + Insecure Deserialization

How did you get the docs in your Python REPL at 2:44?

Any chance you can cover the Twitch hack? Would be nice to get some more info there

I love your videos. keep your work up it's amazing.

my brain is to dumb to process this

“I just learned ruby last night” LMAOO hard flex

cool! very inresting, i feel a little smarter already, thx ;)

Really enjoying your channel my friend. Keep it up

Awesome as usual like Fireship 😁

Keep it up! Love your videos

Excellent explanation earned my follow!

Hello, I would like to know if there is a way to predict the semi-random numbers to get profits from betting applications and semi-crash??😢

you have such quality content but you should upload more

if i had found this channel when i was highschool i'd have ended up going to juve

I didn't ask people to buy my booze. I did beer runs

Quality content

Great video my friend! ❤️

a guy made a video of bed trapping someone but he forgot to censor about 1 or more frame(s), the guy is lucky i wont use his (idk what) for any bad

Your content is really good , also animation is great. It'll be great if you make a video on how you research all this thing , how to approach the research and what sources are best.

Oh my, this was an insightful one :D

Finally a new video :D

All the comments are gone :( At least the video is back!

Keep it up that's amazing thank you

Great video as always! Could you please send the link of the github repo with the SSRF examples?

Dumb question and not really related to the topic but: Is there a tool to make isometric graphs like at around 2:00? That looks pretty neat.

Along side the newline injection vulnerability, it seems Redis should abort the connection the moment it gets an invalid line. This likely would have also prevented this particular exploit.

Dude i dont usually share any video or Channel but you man u are fucking Gold keep up good luck

So this is basically... An HTTP injection attack?🙈

sigh ... Why the heck are SSRFs are still possible? It's 2022 for ducks sake!

Im new to this stuff and learning, but what is the difference between an SSRF and a CSRF? Thanks for the knowledge!

the netcat technique was great, would u make a video on all the use cases it enables ?

When I was still a teenager I found out that a website I used for an online game could be used to send e-mails to anyone AS anyone registered on the website. I never reported it because it never occurred to me how big of a deal that is at the time, and I forgot to write down how I did it, which goes against the whole "it's not science if you don't write it down" belief I've been operating on for the past 16 or so years ;/

Just want to know, what terminal shell/extensions are you using?

i died when u compared sitting out side of the liqour store to ssrf

Wait that outro... It sounds... Familiar...

Redis does not requires authentication ?

Old talk ?? It was like 16 months old when this vid was made

Back from the dead!

Nice video! But it's not "random HTTP requests" if it's the Git protocol 🤔

As a hello-world engineer, I cannot fully get what this video means, but I know this is good. What should I learn in order to understand this video?

ok, so... just route all "external-origin" url requests through adapters that only lead directly outside ... ? - essentially, through the "public-ip router" ...

Which of the Community Guidelines did this allegedly violate?

Great content, subbed! 🐧

Finally waited so long for this video

Cn I ask you what's the tool that you used for the diagram In 1:52 ?

I got the person who is responsible for server down of Facebook 😂

yo bro ho does every body got free websites.. of course not every one have wifi and money so how can they create a server for free.. please answer my question and tell me how can I build a server (linux) for free

What tool do I need to make visualization like the one at 1:53?

Bro, you're a legend.

can you demo how we bypass ssl pinning windows application?

Where are the videos? Did you forgot you have a channel? I'm waiting new content :(

just found your channel. thought you're liveoverflow brother or something

Great video, thank you.

Timestamp 11:41 - comment disabling the security lint check for the loooze

Excellent video!

this is helpful

I kinda feel bad for LiveOverflow, He suggested your channel and now I am binge watching yours and haven't watched his in a while xD

I like penguins

Nobody is SAFE!

YOU ARE THE REAL MVP.

thank you for your great video. it's interesting because the server can't determine raw string and operators...

6 Gatorades :)

What do you mean? Random HTTP requests give you the most useful results! Fuzzing is a whole thing that people do.