Bug Bounty Tip: Webhook "Test Endpoint" features are a prime SSRF target. The server makes an HTTP request to a user-supplied URL to "verify" or "test" it — exactly what happens when you click Send Test Event below.
Your Endpoints
https://hooks.example.com/payments
payment.received, invoice.paid · Created 2024-01-15
Active
https://myserver.internal:8080/events
user.created, user.deleted · Created 2024-02-20
Inactive
Recent Delivery Attempts
No test events sent yet. Use the form on the right to send one.
Send Test Event
Where Bug Hunters Find This
- Webhook "Test Endpoint" buttons
- URL validation / URL preview features
- PDF generators, screenshot tools, link expanders
- API integrations that fetch user-supplied URLs
- OAuth callbacks, SAML integrations
- Import-from-URL features (RSS, OPML, images)