Official discussion thread for ProxyAsAService. Please do not post any spoilers or big hints.
Hi, I’ve found how to bypass http://{SITE_NAME}{url} but I get 500 internal server error when I want to access localhost. any help?
@archon do you tried to acces to localhost after ?url= ???
is this the right way to solve this challenge ?
yes. but I get internal server error.
1 Like
@archon can you explain how to bypass , cuz i was trying from 2 days and i get internal server error
Anyone who could give a hint, how to bypass url=
According to my understanding until the remote machine is not 127.0.0.1 it wont allow any internal requests. However the url= can be used and I have tried using Payloadallthings but I only get internal server error.
To understand the approach try to use netstat and check its results. It can help you to bypass localhost
Also pay attention to port, if you read the code 
Solved it, in a different manner than what may have been intended. Really fun challenge.
can you give a hint. I’m also confused. I’ve been working on it for two days. is it something other than ssrf?
Hello guys, I have a 403 Forbidden due to a network policy on Reddit side…
Update : Even with the network policy the challenge can be realized
it is an SSRF indeed but you are missing something else that should be chained to achieve an SSRF and the keyword here is redirection…
This article helped me a lot, just look for flask SSRF: (Research) Exploiting HTTP Parsers Inconsistencies
using url combination
http://1.1.1.1 &@2.2.2.2# @3.3.3.3/
1 Like
even though i m late but i would like to add hacktricks as source to learn some stuff about url bypass