In this video I demonstrate how a Server-Side Request Forgery (SSRF) attack works, including how a Cross-Site Port Attack (XSPA) looks like in Wireshark, and I also cover the installation of XVWA.

There’s a lot to learn in this video if you look closely, as I cover a bit more than just the basics of SSRF.

Disclaimer: Explicit written permission should be obtained if you are going to test a system that you do not legally own. A lot of websites have a “bug bounty program” these days, which allow you to test websites of big companies, as long as you follow their pentest engagement rules. (Refer to e.g. HackerOne)

Special Thanks:
– Josh (First elite supporter!)

– VMware (
– Kali Linux (
– XVWA (
– Google Docs Sheet:

Stay tuned and subscribe for upcoming video about various types of hacks!

Twitter: @CrazyDaneHacker