Weaponizing BURP to work as an evil SSRF Confluence Server.
I was doing bounty on a private H1 program that interacts with various external services one of them was Atlassian Confluence and Jira.
As you know, you can run Atlassian on their cloud service at Atlassian.net, or in your own server. The Web application provided an input box to the URL and another input to the token to auth.