Server-Side Request Forgery (SSRF) | Complete Guide

Подписаться 77 тыс.

Просмотров 64 тыс.

50% 1

In this video, we cover the theory behind Server-Side Request Forgery (SSRF) vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: bit.ly/30LWAtE
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:30 - Web Security Academy Course (bit.ly/30LWAtE)
01:42 - Agenda
02:36 - What is a SSRF vulnerability?
18:13 - How to find SSRF vulnerabilities?
26:50 - How to exploit SSRF vulnerabilities?
41:23 - How to prevent SSRF vulnerabilities?
45:42 - Resources
46:42 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Video slides: github.com/rkhal101/Web-Secur...
Web Security Academy: portswigger.net/web-security/...
OWASP - SSRF: owasp.org/www-community/attac...
Server-Side Request Forgery Prevention Cheat Sheet: cheatsheetseries.owasp.org/ch...
SSRF Bible Cheat Sheet: cheatsheetseries.owasp.org/as...
Preventing Server-Side Request Forgery Attacks: seclab.nu/static/publications...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!: www.blackhat.com/docs/us-17/t...
Rana's Twitter account: / rana__khalil
Hacker Icons made by Freepik: www.freepik.com

Наука

Опубликовано:

3 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 62

@davidlakomski3919 Год назад

Just picking a random video from your channel to tell you that you're doing a marvelous teaching job! You managed to explain very complex topics in a very gentle and simple way, I hope I could one day reach a tenth of your teaching quality. Congratulations and thank you so much for your work

@RanaKhalil101 Год назад

Thank you! I appreciate the kind words ❤

@rongliao9255 5 месяцев назад

Look forward to more great tutorials! One of the best and comprehensive talks on this subject!

@emrah2525 9 месяцев назад

Thank you Rana ! I really appreciate your effort. These videos are really wonderful

@anjulgrover2114 Год назад

Great teacher and very well taught .... Explained very well.

@PhilocyberWithRichie Год назад

Great video and explanation Rana! thanks for sharing this high quality content!!!

@spsumon1298 2 года назад

Your videos are much awaited.Please upload videos continuously❤❤❤❤❤❤❤❤❤

@zuberkariye2299 2 года назад

Amazing vid, shukran sis!

@JohnSmith-wz7he 2 года назад

Totally Awesome! Thank you !

@zTech300 2 года назад

Was waiting for this.

@MAX-nv6yj Год назад

أحبك في الله يا أختي والله سهلتي علي المعلومات بصورة جميلة وواضحة بارك الله فيك وجزاك الله كل خير على هذا الشرح الرائع والمتميز

@Sec1515 Год назад

This is superb, thank you so much!!

@buttslaya 2 года назад

Have you considered starting a patreon? You're a great teacher, I think people would be willing to support you through that route as well

@tullacss 5 месяцев назад

I have watched a couple of videos, but I struggled to grasp the meaning of SSRF. However, after watching your video, I gained a much clearer understanding. Jazakallah khairan, sister Rana 🤲

@RanaKhalil101 2 года назад

Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE ✨✨

@francisdonald4298 2 года назад

Learning pentest is there need for programming???

@chrisfx9097 2 года назад

@@francisdonald4298 Not necessarily but it will help you understand better and learn faster. If you're pentesting a web application and you want to perform an SQL injection attack, you'll need to 'at least', understand the syntax of PHP and how SQL is used to query a database.... If you're doing an XSS attack, you'll need to understand JAVASCRIPT.

@NoobJang 7 месяцев назад

thx for the video, it really clarified my knowledge on SSRF. Thankyou so much for making this video, you are a great teacher. Consider making a patreon like the guy down below said.

@josephgitahi2090 Год назад

This is awesome just saw you on David Bombal and I can see why such a great tech name recommends you. Great work👍

@macleo7825 2 года назад

Thanks for the video

@manbeats6702 2 года назад

Need Videos For Every Portswigger Labs Ur Videos are easily understandable

@JuanBotes 2 года назад

thanks for the content

@ghinwabadawi983 3 месяца назад

cant stop watching your videos and learning! you make learning these complex subjects so easy! i just subscribed to your course to do more hands-on 😊😊

@RanaKhalil101 3 месяца назад

Thanks Ghinwa!

@sawtintkyaw887 2 года назад

Thank you so much.

@ex0day 2 месяца назад

great job!!! you Rock!!

@masicre9574 2 года назад

Mam please upload more videos on client side and server side attacks....Your videos are much awaited...Please upload videos on XSS soon...waiting for that

@howandwhythingswork 2 года назад

Thank you

@SecurityTalent 2 года назад

Thanks sister....

@suresh_shankar 8 месяцев назад

good explanation

@brunosm0 2 года назад

thank you, gracias Rana

@ahmedramadan9550 4 месяца назад

thank youuuu

@alaaalmekdad9062 7 месяцев назад

great rana but i hope u can do this in arabic version for arab white hat hackers . im so glad to see u in youtube and i will support u cuz u deserve that , big thanks and i wait a lot from u ! ty

@Dy13yDx Год назад

precious one

@texashighered9539 5 месяцев назад

U r the best.

@yassers1893 2 года назад

Thank you, it is awesome… can you advice us about oscp certification?

@steiner254 Год назад

Awesome

@nibeditadhani6149 2 года назад

kindly share a video on XXE attack

@Shintowel Год назад

Makasih rana

@sinanajarha6712 2 года назад

One of the most precise and well-organized videos I have ever seen. Unfortunately, I'm from Iran otherwise I would definitely get your course. is there any way I can get it?

@dub161 5 месяцев назад

Thanks for making this. Can you please change auto generated subtitles from Indonesian to English?

@uaebikers Год назад

Theory is a torture😅 Time for practical

@SceneRewind Год назад

What network diagram do you know to draw?

@quyenthokimquang8682 Год назад

Hi madam, thank you for your great content, I have a question that at 07:47, you talked about clicking on add items or delete items is an external request that will be blocked by the firewall. I just wonder why that is the case? Thank you again because your videos are giving me a lot of useful knowledge.

@alexandreromao7978 Год назад

Hello Quyen. In the "real word", real work environments often block external ip addresses from accessing internal systems and its functionalities. Imagine a monitoring system functionality inside a network that requires no authentication, for disaster recovery purposes. As it represents a risk, it can only be accessed internally by administrators. As so, if you make a request to the service, you will get blocked (e.g. firewall). WIth SSRF, you are tricking the actual application to make that request to his own server, through the loopback network interface, and as so, it is not you requesting, but the vulnerable application hosted in the server. As it is allowed to access internally, you have access. The same with "Add Items".

@SomLegends 2 года назад

Rana SSRF lab 4-8 is hidden we can not wach it

@arbazalam2005 2 года назад

Hello ma'am it's my request please make a playlist on xss please ma'am it's my humble request please understand my above state

@lorrainenewton2338 2 года назад

I love you sist

@bhanupratapsinghtomar551 2 года назад

🤩😍

@moustafaahmed5609 2 года назад

can you change auto-generated subtitle in English instead Indonesian, please?

@Shintowel Год назад

Love u

@hackingetico1 Год назад

Todo esto es casi igual al sistema bug bounty

@poiuymnbvc8339 11 месяцев назад

mam, can you make course for xxs ?

@youssefwaheed4165 3 месяца назад

There are a slides on her githup

@ca7986 Год назад

🙏👌

@TheBashir007 Год назад

Sisterrrrrrrrrrrr u are amazinggggggggggg Jazakallah Made some bucks out of your video Some bucks wink wink

@-videoworldfadi8464 2 года назад

Want talk toghether

@rohitchhimpa901 Год назад

make audio clear

@anrstudio9916 Год назад

Good content but terrible voice 😨😨😨

@muninitishkumaryaddala7814 Год назад

Hi Ma'am. I follow your videos. The content is great in all your videos. In this video particularly, I felt that DNS rebinding could have been explained in a more clearer way as this is my first time encountering it. Just a feedback from my side. I hope this helps you in making your content better someway.