Blind SSRF with out-of-band detection

Description

This site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded.

To solve the lab, use this functionality to cause an HTTP request to the public Burp Collaborator server.

Note: You will need Burp Suite Professional for this lab.

Approach

After accessing the lab, I followed the provided instructions almost immediately. I navigated to the products page and clicked on a product to view it. Then I used Burp Suite to intercept the request and sent it to Repeater for further analysis.

Next, I opened Burp Collaborator and copied the payload to the clipboard. Back in Repeater, I pasted the payload into the Referer header; alternatively, select the header value, right-click, and choose 'Insert Collaborator payload'.

After sending the request with the updated Referer header, I checked Burp Collaborator and found three requests present, confirming successful exploitation of the lab.
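The behaviour the lab describes, modelled from the defender's side as an added example that is not part of this write-up or of the lab's own code: the analytics fetch in its vulnerable form (follow whatever URL arrives in Referer), a hardened form that only follows Referer values whose host is on an explicit allowlist, and a scan over web-server access logs that surfaces product-page hits whose Referer points outside that allowlist, which is exactly the kind of request a blind SSRF probe leaves behind. The hostnames, log lines and function names are constructed assumptions.

```python
"""
Added example (not the lab's code): vulnerable vs. hardened handling of the
Referer URL that an analytics component fetches server-side, plus a log scan
that flags Referer values pointing at external hosts.
"""
from urllib.parse import urlsplit

# Constructed: the only hosts this application should ever fetch from.
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}


def vulnerable_referer_target(headers):
    """Vulnerable pattern: hand the analytics fetcher whatever URL the client
    put in Referer. The page returned to the client does not change, so the
    only evidence of the fetch is the outbound request itself; that is why
    the lab needs an out-of-band listener to confirm it."""
    return headers.get("Referer")


def hardened_referer_target(headers, allowed_hosts=ALLOWED_HOSTS):
    """Hardened pattern: parse the Referer and return it only when the scheme
    is http(s) and the host is on the allowlist; otherwise return None so no
    outbound fetch happens. urlsplit().hostname strips userinfo and port, so
    'https://shop.example@other.example/' is judged by 'other.example'."""
    referer = headers.get("Referer")
    if not referer:
        return None
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname is None or parts.hostname not in allowed_hosts:
        return None
    return referer


def find_external_referers(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Detection: scan combined-log-format lines and return (host, referer)
    for every request whose Referer host is outside the allowlist. Each hit
    is a URL the vulnerable code would have fetched server-side."""
    findings = []
    for line in log_lines:
        # Combined log format: ... "REQUEST" status size "REFERER" "USER-AGENT"
        # Splitting on double quotes puts the Referer in field index 3.
        fields = line.split('"')
        if len(fields) < 6:
            continue
        referer = fields[3]
        host = urlsplit(referer).hostname  # None for "-" or non-URL values
        if host and host not in allowed_hosts:
            findings.append((host, referer))
    return findings


# Constructed sample access log: one legitimate same-site Referer, one
# Referer pointing at an external listener, and one request with no Referer.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /product?productId=1 HTTP/1.1" 200 5120 "https://shop.example/" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /product?productId=2 HTTP/1.1" 200 5120 "http://oob-listener.example.net/" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /product?productId=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    probe = {"Referer": "http://oob-listener.example.net/"}
    print("vulnerable would fetch:", vulnerable_referer_target(probe))
    print("hardened would fetch:  ", hardened_referer_target(probe))
    for host, url in find_external_referers(SAMPLE_LOG):
        print(f"external Referer host {host}: {url}")
```

The allowlist check is deliberately on the parsed hostname rather than a substring of the raw header, because the raw string can contain the allowed name in the userinfo or path while resolving somewhere else. Running the log scan over the constructed lines reports only the second entry; the first is same-site and the third carries no Referer at all.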
