I am tasked to record a lesson for my students about path traversal SSRF (Server-Side Request Forgery) my understanding is reverse proxy’s are heavily used on big websites which have a massive attack surface.
Some weird proxy’s process requests differently at times an attacker is able to traverse out of an API call and access internal apps routing through a reverse proxy.
I am wanting to learn the following things about the things above.
- How do I get access to private endpoints?
- What are some interesting payloads to try?
- How would I be able to achieve access to internal apps?
I hope anyone on here can help me 🙂