Pinchflat

Server-Side Request Forgery: How it Works

Raw Attributes

Source: Code and Stuff
  • livestream: false
  • upload_date_index: 99
  • nfo_filepath: /downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works.nfo
  • description: Here's a YouTube description for your SSRF video:
    In this video, I explore Server-Side Request Forgery (SSRF), a critical vulnerability that lets attackers weaponize your server against your own internal network. We'll build a vulnerable webhook system to demonstrate the attack, then implement multiple layers of defense including input validation, DNS rebinding protection, and dedicated proxy services.
    What's covered:
    - What is SSRF and why it matters
    - How webhooks become attack surfaces
    - Demo app with a vulnerable notifier service
    - Exploiting the vulnerability to access internal services
    - Defense strategies: validation, SafeURL, and DNS rebinding mitigation
    - Why IANA reserved IP ranges need to be blocked
    - Instance metadata endpoint attacks (169.254.169.254)
    - DNS rebinding attacks and time-of-check-time-of-use issues
    - Using dedicated proxies like Smokescreen for enterprise protection
    Links
    Screen recording software I use (affiliate): https://screen.studio/@Yy75o
    Demo repository: https://github.com/ChristianAlexander/vulnerable_notifier
    SafeURL (Elixir): https://hex.pm/packages/safeurl
    Stripe's Smokescreen proxy: https://github.com/stripe/smokescreen
    OWASP SSRF overview: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
  • id: 58682
  • uploaded_at: 2025-12-07T23:10:53Z
  • inserted_at: 2026-01-02T20:17:08Z
  • uuid: 81fffb5a-cd24-43f7-9048-ace0b4aac98e
  • last_error:
  • playlist_index: 0
  • short_form_content: false
  • predicted_media_filepath: /downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works.mp4
  • media_filepath: /downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works.mp4
  • original_url: https://www.youtube.com/watch?v=EWdphas_OP4
  • updated_at: 2026-01-02T21:09:28Z
  • media_redownloaded_at:
  • source_id: 24
  • title: Server-Side Request Forgery: How it Works
  • matching_search_term:
  • media_downloaded_at: 2026-01-02T21:09:20Z
  • prevent_download: false
  • thumbnail_filepath: /downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works-thumb.jpg
  • media_size_bytes: 60318517
  • duration_seconds: 587
  • metadata_filepath: /downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works.info.json
  • media_id: EWdphas_OP4
  • prevent_culling: false
  • subtitle_filepaths: en/downloads/Code and Stuff/Season 2025/s2025e120799 - Server-Side Request Forgery: How it Works.en.srt
  • culled_at:
Worker | State | Scheduled At
Pinchflat.Downloading.MediaDownloadWorker | completed |