How to Hunt URL Redirection / Open Redirection Vulnerability by kidnapshadow

Hey everyone, Sidharth here. Today's topic is how to hunt the URL redirection / open redirection vulnerability. I will give you a step-by-step practical overview in very easy language, so stay tuned with my blog.

URL redirection vulnerability

URL redirection vulnerability is also referred to as open redirection vulnerability.

It is used as part of phishing attacks.

Find any URL parameter that tends to redirect the browser somewhere else.

#The common parameters to check for URL redirection vulnerability

redirect, uri, path, continue, url, windows, to, out, view, dir, show, navigation, open, file, val, validate, domain, callback, return, page, feed, host, port, next, data, site, html

#How to find these parameters to hunt the vulnerability

First, you need Burp Suite Professional/Community edition. Set up the proxy in Burp Suite as well as in the browser, and check whether traffic is being intercepted in Burp Suite.

Then, you need to spider the host/website to gather all parameters.

Sort by parameter to find this vulnerability!

#URL redirection on path fragments

any.com/bing.com

any.com//bing.com

any.com/payloads

#URL redirection through GET parameter

Let's imagine a scenario where we have one subdomain (example.example.com).

Open Burp Suite, turn on intercept, spider the host and click on the parameters. Pick the parameters that have a redirection value, send them to the Repeater tab and change the path fragment parameter to bing.com.

If example.example.com redirects to bing.com, success: you have found a URL/open redirection vulnerability.
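Seen from the application side, both cases above (a path fragment such as //bing.com and a GET parameter set to bing.com) come down to how the redirect target is validated. The following is an added example, not code from this post: `naive_is_safe`, `is_safe_redirect` and `ALLOWED_HOSTS` are hypothetical names, and the allow-list holding only example.example.com is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: the only host this application may redirect to (the post's example subdomain).
ALLOWED_HOSTS = {"example.example.com"}


def naive_is_safe(target: str) -> bool:
    """Weak check: 'starts with / so it must be local'. Accepts //bing.com."""
    return target.startswith("/")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow same-site paths and allow-listed http(s) hosts; reject everything else."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse them outright.
    if any(ch in target for ch in "\\\t\r\n"):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if parts.scheme or parts.netloc:
        # Absolute (https://host/...) or scheme-relative (//host/...) URL.
        return parts.scheme in ("http", "https") and host in allowed_hosts
    # Relative reference: exactly one leading slash, so it stays on this origin.
    return target.startswith("/") and not target.startswith("//")


if __name__ == "__main__":
    # Constructed sample values, including the ones used in the post.
    samples = ["/account/settings", "https://example.example.com/home",
               "bing.com", "//bing.com", "https://bing.com",
               "https://example.example.com@bing.com/", "/\\bing.com"]
    for value in samples:
        print(f"{value!r:45} naive={naive_is_safe(value)!s:5} "
              f"strict={is_safe_redirect(value)}")
```

Apply the strict check to the value of every redirect-style parameter before sending the 3xx response, and fall back to a fixed landing page when it returns False.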

Thanks for reading this article - kidnapshadow✨🔥✌

If you want to follow me, find me on Instagram, Medium and Twitter.

Blogger: — https://kidnapshadow.blogspot.com/

Twitter: — https://twitter.com/kidnapshadow_kd

Medium: — https://medium.com/@UCpLuQFT-R3zA_bLi...

GitHub: — https://github.com/kidnapshadow-sidha... subscribe on YouTube.
