Filters and Bypasses - Rare IPv4 Formats for SSRF
5 minute read Published:
A short description of the many ways there are to write down an IP address, along with an online IP address encoder that will create alternative representations for any IP you enter. Useful for filter bypasses when testing for SSRF.
Many applications these days do network requests on behalf of their users. For example, it is often possible to define webhooks, where users can specify URLs to which a server shall send HTTP requests when certain events occur. Other applications may allow uploading images by URL or they may generate PDFs from HTML rendered server-side, which could contain URLs (see here). In all these examples, users provide input to specify the destinations of server-side network requests.