1. Web Security Academy
  2. SSRF
  3. Blind
  4. Lab

Lab: Blind SSRF with out-of-band detection

PRACTITIONER

This site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded.

To solve the lab, use this functionality to cause an HTTP request to the public Burp Collaborator server.

Note

You must use the public Burp Collaborator server (burpcollaborator.net).

Try Burp Suite for Free

Find SSRF vulnerabilities using Burp Suite

Try for free