00 — Overview

SSRF — Server-Side Request Forgery

Make the server fetch URLs on your behalf — reaching internal services, cloud metadata APIs, and systems that are completely inaccessible from the internet.

Intermediate·50 min·9 tasks

// By the end of this module

→Understand how SSRF turns the server into your proxy

→Reach internal services (metadata APIs, admin panels) via SSRF

→Bypass SSRF filters using DNS rebinding and alternative IP notation

→Escalate SSRF to cloud credential theft via IMDS endpoints

// Prerequisites

Foundation · Beginner

How the Web Works

45 min

→

Foundation · Beginner

APIs & Modern Web Apps

35 min

→