Библиотека хакера | Hacking, Infosec, ИБ, информационная безопасность

📝 Промпт для эксплутации SSRF-уязвимости

Чтобы эксплуатировать SSRF быстрее и эффективнее, используйте этот промпт для ChatGPT, Claude, Gemini или Grok:

I'm conducting an authorized penetration test focused on identifying and exploiting Server-Side Request Forgery (SSRF) vulnerabilities in a client's web application. Generate 5 advanced SSRF payloads capable of bypassing
common SSRF protections. The web app has basic SSRF mitigations like IP blacklisting, URL filtering (blocking keywords such as "localhost., "127.0.0.1", and internal IP ranges), and strict URL parsing. Basic payloads (e.g., http: //127.0.0.1) have already failed. Clearly list each payload on a single line. Immediately afterward, provide a brief explanation of the specific protection the payload aims to bypass. I am already familiar with the basics of SSRF
attacks, so please avoid generic explanations. Focus strictly on creative payload crafting. Payloads should cleverly leverage URL obfuscation techniques, DNS rebinding methods, or URL parsing anomalies to maximize the chance of bypassing security controls.

⚡️ Используете ли вы AI-модели в работе? Поделитесь в комментариях 👇

🐸Библиотека хакера #буст

Please open Telegram to view this post

VIEW IN TELEGRAM

👍4👾1

www.tgoop.com/hackproglib/3996

2K viewsMar 20 at 08:31

📝 Промпт для эксплутации SSRF-уязвимости

Чтобы эксплуатировать SSRF быстрее и эффективнее, используйте этот промпт для ChatGPT, Claude, Gemini или Grok:

I'm conducting an authorized penetration test focused on identifying and exploiting Server-Side Request Forgery (SSRF) vulnerabilities in a client's web application. Generate 5 advanced SSRF payloads capable of bypassing
common SSRF protections. The web app has basic SSRF mitigations like IP blacklisting, URL filtering (blocking keywords such as "localhost., "127.0.0.1", and internal IP ranges), and strict URL parsing. Basic payloads (e.g., http: //127.0.0.1) have already failed. Clearly list each payload on a single line. Immediately afterward, provide a brief explanation of the specific protection the payload aims to bypass. I am already familiar with the basics of SSRF
attacks, so please avoid generic explanations. Focus strictly on creative payload crafting. Payloads should cleverly leverage URL obfuscation techniques, DNS rebinding methods, or URL parsing anomalies to maximize the chance of bypassing security controls.