Forum Discussion
Server-Side Request Forgery
- 9 months ago
If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:
To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)
So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂
I have already attempted to capitalize each character individually on the endpoints '/lookup?url=http://localhost:3000' and '/lookup?url=http://localhost:3000/online'. Am I using the correct endpoints?
If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:
To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)
So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂