SSRF Notes: An unexpected journey
This will InshaAllah be the beginning of a series of posts on my Server Side Request Forgery SSRF research journey. Why SSRF? Well, I recently came across the 3-Months Microsoft Azure SSRF research challenge and because I strongly believe there are a lot of uncharted areas in SSRF research, I decided to partake and who knows maybe I might earn myself a little bounty along the way :). Game Plan Currently, the plan is simple, get myself up to speed with the current state of the art in SSRF research by solving CTFs and freely available Lab challenges to gather some intuition and then move on to asking questions with regards to the current limitations of known exploit techniques, hopefully, I will stumble on something new. I will start with Solving Portswigger Web Security Academy Labs in this post and then other CTF challenges in the subsequent posts. PS: most of the posts on SSRF will be fast-paced it's just meant to serve as self notes for reference and to organize my thoughts L...