About 51 results
Open links in new tab
  1. portswigger.net
    https://portswigger.net › web-security › ssrf

    Server-side request forgery (SSRF) - PortSwigger

    In this section we explain what server-side request forgery (SSRF) is, and describe some common examples. We also show you how to find and exploit SSRF vulnerabilities.

  2. portswigger.net
    https://portswigger.net › web-security › learning-paths › ssrf-attacks

    Server-side request forgery (SSRF) attacks - PortSwigger

    This learning path teaches you about server-side request forgery (SSRF). You'll learn about its impact, common techniques used in attacks, and how to defend against them.

  3. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflow › v…

    Testing for SSRF with Burp Suite - PortSwigger

    Jan 16, 2026 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  4. portswigger.net
    https://portswigger.net › web-security › ssrf › blind

    Blind SSRF vulnerabilities | Web Security Academy - PortSwigger

    In this section, we'll explain what blind server-side request forgery is, describe some common blind SSRF examples, and explain how to find and exploit blind SSRF vulnerabilities.

  5. portswigger.net
    https://portswigger.net › burp › documentation › desktop › testing-workflow › v…

    Testing for SSRF vulnerabilities with Burp Suite - PortSwigger

    Jan 16, 2026 · Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

  6. portswigger.net
    https://portswigger.net › web-security › llm-attacks

    Web LLM attacks | Web Security Academy - PortSwigger

    At a high level, attacking an LLM integration is often similar to exploiting a server-side request forgery (SSRF) vulnerability. In both cases, an attacker is abusing a server-side system to launch attacks on …

  7. portswigger.net
    https://portswigger.net › web-security › ssrf › lab-basic-ssrf-against-localhost

    Lab: Basic SSRF against the local server - PortSwigger

    Visit a product, click "Check stock", intercept the request in Burp Suite, and send it to Burp Repeater. Change the URL in the stockApi parameter to http://localhost/admin.

  8. portswigger.net
    https://portswigger.net › web-security › csrf › xss-vs-csrf

    XSS vs CSRF | Web Security Academy - PortSwigger

    CSRF can be described as a "one-way" vulnerability, in that while an attacker can induce the victim to issue an HTTP request, they cannot retrieve the response from that request.

  9. portswigger.net
    https://portswigger.net › web-security › learning-paths › csrf

    Cross-site request forgery (CSRF) - PortSwigger

    Back to all learning paths PRACTITIONER Cross-site request forgery (CSRF) This learning path covers CSRF (Cross-Site Request Forgery). You'll learn about some common CSRF vulnerabilities, and …

  10. portswigger.net
    https://portswigger.net › web-security › all-labs

    All labs | Web Security Academy - PortSwigger

    Server-side request forgery (SSRF) LAB APPRENTICE Basic SSRF against the local server LAB

Content was generated with AI. Learn more