performing-blind-ssrf-exploitation


Performing Blind SSRF Exploitation

When to Use

  • When testing URL/webhook input parameters where server-side responses are not reflected
  • During assessment of applications that fetch external resources (avatars, previews, imports)
  • When testing PDF generators, image processors, or document converters for SSRF
  • During cloud security assessments to detect metadata endpoint access
  • When evaluating webhook functionality and URL validation implementations

Prerequisites

  • Burp Suite Professional with Burp Collaborator for OOB detection
  • interact.sh or webhook.site for external callback monitoring
  • Understanding of SSRF attack vectors and internal network enumeration
  • Knowledge of cloud metadata endpoints (AWS, GCP, Azure)
  • VPS or controlled server for handling callbacks during advanced exploitation
  • Python with the requests library for automation scripts

Workflow

First Seen: Mar 15, 2026
performing-blind-ssrf-exploitation — mukul975/anthropic-cybersecurity-skills