SSRF Web Exploitation Resources Guides New Era of SSRF (orange tsai) Server Side Browsing Considered Harmful IP Blacklisting Bypasses SSRF Bible AWS meta-data Rhino AWS meta-data 1 Rhino AWS meta-data 2 Rhino AWS Privilege Escalation ssrf payloads (gold) Post SSRF SSRF Tips (x|7dev) Blind SSRF Chains (assetnote) related: https://github.com/assetnote/blind-ssrf-chains rebind my first rebind DNS Rebinding Headless Browsers / DREF (f-secure) dref bypass same origin policy - BY-SOP Perl cgi exploitation hacking cgi Writeups SSRF in Exchange leads to ROOT access in all instances Vimeo SSRF with code execution potential. Elastic Bean Stalk Web Shell owning the clout through ssrf and pdf generators - nahamsec and cody brocious Pivoting from blind SSRF to RCE with HashiCorp Consul