Don't like this style? Click here to change it! blue.css
OK, this is a place where you can now go run ahead of us and do as much websec as you want.
CAVEATI'm a noob on this product, and I used to have a friend guest lecture this topic (here's an old version) but this class is all about doing stuff you've never done and fuzzing your way through it. So let's play together this time.
Visit this site and CHANGE THE DROPDOWN to Burp Suite Community Edition
Install and all that.
Setup an account on the Postswigger academy
Let's solve the daily flag together: https://screeching-possible-talk.glitch.me/ (For convenience Password Payloads File)
OK The makers of burpsuite have a whole fleet of "labs" that act as a great training grounds.
Visit https://portswigger.net/web-security/all-labs and look around
Server Side Request Forgery is on the table whenever there is a proxy style request done on the server-side (after the firewall) which has more access to goodies than you.
The goal of an SSRF attack is to trick the server into doing a privileged attack for you.
OK Let's solve the SSRF intro lab together