Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

mukul975/Anthropic-Cybersecurity-Skills|Updated May 25, 2026

Works with

Claude CodeCursorClineWindsurfCodex

Installation Guide

Select your AI agent

How to use performing-blind-ssrf-exploitation on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add performing-blind-ssrf-exploitation

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/performing-blind-ssrf-exploitation

Fetches performing-blind-ssrf-exploitation from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/performing-blind-ssrf-exploitation

Restart Cursor to activate performing-blind-ssrf-exploitation. Access via /performing-blind-ssrf-exploitation in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

List & Monetize Your Skill

Submit your Claude Code skill and start earning

Get started →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

✓

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

✓

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

✓

Improve work quality by 30-40% with less effort

name	performing-blind-ssrf-exploitation
description	Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.
domain	cybersecurity
subdomain	web-application-security
tags	- blind-ssrf - ssrf - out-of-band - burp-collaborator - cloud-metadata - internal-network - oob-detection
version	'1.0'
author	mahipal
license	Apache-2.0
nist_csf	- PR.PS-01 - ID.RA-01 - PR.DS-10 - DE.CM-01

Concept	Description
Blind SSRF	Server makes request but response is not visible to attacker
Out-of-Band Detection	Using external callbacks (DNS, HTTP) to confirm SSRF execution
DNS Rebinding	Technique to bypass IP-based SSRF filters by changing DNS resolution
Cloud Metadata	Instance metadata endpoints accessible via SSRF for credential theft
Gopher Protocol	Protocol allowing crafted payloads to interact with internal TCP services
Time-Based Detection	Detecting SSRF success by measuring response time differences
SSRF Chain	Combining SSRF with other vulnerabilities for greater impact

Tool	Purpose
Burp Collaborator	Out-of-band interaction server for DNS and HTTP callback detection
interact.sh	Open-source OOB interaction tool by ProjectDiscovery
SSRFmap	Automated SSRF detection and exploitation framework
Gopherus	Generate gopher payloads for exploiting internal services via SSRF
webhook.site	Free webhook receiver for testing SSRF callbacks
rebinder.net	DNS rebinding service for bypassing SSRF IP filters

performing-blind-ssrf-exploitation

Installation Guide

How to use performing-blind-ssrf-exploitation on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

List & Monetize Your Skill

Use Cases

Task Automation & Efficiency

Knowledge Enhancement

Quality Improvement

Install Skill

Performing Blind SSRF Exploitation

When to Use

Prerequisites

Workflow

Step 1 — Identify Blind SSRF Input Points

Step 2 — Confirm Blind SSRF with Out-of-Band Detection

Step 3 — Enumerate Internal Network

Step 4 — Access Cloud Metadata Endpoints

Step 5 — Bypass SSRF Filters

Step 6 — Escalate Blind SSRF to Data Exfiltration

Key Concepts

Tools & Systems

Common Scenarios

Output Format

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

performing-cryptographic-audit-of-application

exploiting-deeplink-vulnerabilities

implementing-soar-playbook-with-palo-alto-xsoar

analyzing-network-traffic-with-wireshark

scanning-docker-images-with-trivy

generating-threat-intelligence-reports

Reviews

Discussion