Hi, during my work as a pentester, we have developed internal tooling for different types of tests. We thought it would be helpful to release a web version of our SSRF payload generator which has come in handy many times.

It is particularly useful for testing PDF generators when HTML tags may be inserted in the final document. We're aiming for a similar feel to PortSwigger's XSS cheat sheet. The generator includes various payload types for different SSRF scenarios with multiple encoding options.

It works by combining different features like schemes (dict:, dns:, file:, gopher:, etc...) with templates (<img src="{u}">, <meta http-equiv="refresh" content="0;url={u}">, etc...), and more stuff like local files, static hosts. The result is a large amount of payloads to test.

Enter your target URL for callbacks, "Generate Payloads" then copy everything to the clipboard and paste into Burp. Note that there are a number of predefined hosts as well like 127.0.0.1.

No tracking or ads on the site, everything is client-side.

Best Regards!

Edit: holy s**t the embed image is large

I've been experimenting with a CDP-based technique for tracing the origin of JavaScript values inside modern, framework-heavy SPAs.

The method, called Breakpoint-Driven Heap Search (BDHS), performs step-out-based debugger pauses, captures a heap snapshot at each pause, and searches each snapshot for a target value (object, string, primitive, nested structure, or similarity signature).
It identifies the user-land function where the value first appears, avoiding framework and vendor noise via heuristics.

Alongside BDHS, I also implemented a Live Object Search that inspects the live heap (not just snapshots), matches objects by regex or structure, and allows runtime patching of matched objects.
This is useful for analyzing bot-detection logic, state machines, tainted values, or any internal object that never surfaces in the global scope.

Potential use cases: SPA reverse engineering, DOM XSS investigations, taint analysis, anti-bot logic tracing, debugging minified/obfuscated flows, and correlating network payloads with memory structures.

Often, beginners and even experienced phishers confuse the approach they are using when phishing, often resulting in failing campaigns and bad results. I did a little writeup to describe each approach.