# SSRF

{% embed url="https://portswigger.net/web-security/ssrf" %}

Query string parameters (including hidden ones) that may indicate SSRF:

```
?dest={target} 
?redirect={target} 
?uri={target} 
?path={target} 
?continue={target} 
?url={target} 
?window={target} 
?next={target} 
?data={target} 
?reference={target} 
?site={target}
```

Explore JSON properties in POST data as well, especially in API integration functionality.

Bypass input validation filters with the techniques in this cheat sheet:

{% embed url="https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet" %}

Use IP converters:

{% embed url="https://www.abuseipdb.com/tools/ip-address-converter" %}

{% embed url="https://h.43z.one/ipconverter/" %}
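On the defending side, converted IP forms get past a filter because the filter compares strings while the HTTP client parses numbers. The following is an added example, not code from the original page: it canonicalises the host before checking it. Function names and sample URLs are constructed, and DNS names are assumed to be resolved and re-checked at connect time.

```python
import ipaddress
from urllib.parse import urlsplit

def _part(p):
    # One dotted component: 0x.. is hex, a leading 0 is octal, else decimal.
    if not (p.isascii() and p.isalnum()):
        raise ValueError(p)
    if p.lower().startswith("0x"):
        return int(p[2:] or "0", 16)
    return int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10)

def canonical_ip(host):
    """Address a lenient client would connect to, or None for a DNS name."""
    try:
        nums = [_part(p) for p in host.rstrip(".").split(".")]
        # The last component fills the remaining bytes (127.1 -> 127.0.0.1).
        if len(nums) <= 4 and all(n < 256 for n in nums[:-1]) \
                and nums[-1] < 256 ** (5 - len(nums)):
            head = sum(n << (8 * (3 - i)) for i, n in enumerate(nums[:-1]))
            return ipaddress.IPv4Address(head + nums[-1])
    except ValueError:
        pass
    try:
        ip6 = ipaddress.IPv6Address(host)
        return ip6.ipv4_mapped or ip6  # unwrap ::ffff:a.b.c.d
    except ValueError:
        return None

def naive_blocks(url):
    # String blocklist: compares text, so re-encoded addresses slip through.
    host = urlsplit(url).hostname or ""
    return host in {"localhost", "127.0.0.1", "169.254.169.254"} \
        or host.startswith(("10.", "192.168."))

def hardened_blocks(url):
    # Canonicalise first, then decide on the address itself.
    host = urlsplit(url).hostname or ""
    ip = canonical_ip(host)
    if ip is None:
        # DNS name: assumed resolved and re-checked at connect time; empty fails closed.
        return not host or host == "localhost" or host.endswith(".localhost")
    return not ip.is_global

# Constructed sample URLs, not taken from the original page.
SAMPLES = ["http://127.0.0.1/", "http://2130706433/", "http://0x7f.0.0.1/",
           "http://0177.0.0.1/", "http://127.1/", "http://93.184.216.34/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "naive:", naive_blocks(u), "hardened:", hardened_blocks(u))
```

Only the first and last samples are classified the same way by both functions; the four in between are the gap a string blocklist leaves.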
