performing-blind-ssrf-exploitation
Installation
SKILL.md
Performing Blind SSRF Exploitation
When to Use
- When testing URL/webhook input parameters where server-side responses are not reflected
- During assessment of applications that fetch external resources (avatars, previews, imports)
- When testing PDF generators, image processors, or document converters for SSRF
- During cloud security assessments to detect metadata endpoint access
- When evaluating webhook functionality and URL validation implementations
Prerequisites
- Burp Suite Professional with Burp Collaborator for OOB detection
- interact.sh or webhook.site for external callback monitoring
- Understanding of SSRF attack vectors and internal network enumeration
- Knowledge of cloud metadata endpoints (AWS, GCP, Azure)
- VPS or controlled server for advanced exploitation callback handling
- Python with requests library for automation scripts