ine-labs / AWSGoat

AWSGoat : A Damn Vulnerable AWS Infrastructure

05-Server Side Request Forgery Part 1

dev0x41 opened this issue

Seems the SSRF part 1 does not work as per the guide. The response is 'Invalid Authorization'. I think it's expected this will be done using a self-registered user; I don't see alternate credentials for this elsewhere or referred to in the guide. The error is the same trying to upload an image as in normal, non-exploitation activity.

Thanks for pointing it out. Currently, the SSRF and other API-related attacks work once the web page is refreshed/reloaded.

We will release an update soon to patch the session issue.

The bug has been fixed with #12

Hi @jeswinMathai.

I have installed the AWSGoat successfully and can log in fine. I am working on the SSRF part 1, and tried to upload the payload file:///etc/passwd/. I get a 502 CORS Missing Allow Origin error every time when trying to save to https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/v1/save-content?value=file:///etc/passwd/

Any ideas?

Many thanks