Please on Open redirection

web-app
1

How can i find vulnerability of big website like gle,ybe to make it redirect to somewere.
like openredirect

2

well, there is no straightforward way u need to find it :wink:

read privous reposrts from websites like hackerone , read blogs etc and lean

3

do you some docks or can you share some light on it. i have py script to get the redirection but to get the target is the problem

4

responce from gemini :thought_balloon:

An open redirect is a security vulnerability that occurs when a website redirects a user to an external URL that is provided as a parameter in the initial URL, without proper validation. Attackers can exploit this to lead users to malicious websites for phishing or malware installation.

Identifying Potential Vulnerabilities

The first step is to identify areas where a website might be using redirects. Look for URLs that contain parameters that appear to be controlling the destination of the redirect.

Commonly, these parameters have names like:

  • url=
  • redirect=
  • next=
  • dest=
  • rurl=
  • returnTo=
  • continue=
  • q=

For example, you might see a URL like this:
https://www.example.com/login?redirect=https://www.example.com/dashboard

Manual Testing Techniques

Once you’ve identified a potential redirect parameter, you can start testing it manually.

  1. Simple Redirect: Try changing the parameter’s value to an external website you control.

    • Original: https://www.example.com/login?redirect=https://www.example.com/dashboard
    • Test: https://www.example.com/login?redirect=https://www.evil-site.com

  2. Bypassing Basic Filters: If a simple redirect doesn’t work, the website might have some basic filters. You can try to bypass them using various payload techniques.

    • Using a Different Protocol:

      • javascript:alert(document.domain)
      • data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=

    • URL Encoding: Encode the characters of the external URL.

      • https://www.example.com/login?redirect=https%3A%2F%2Fwww.evil-site.com

    • Adding Subdomains: If the website only allows redirects to its own domain, try creating a CNAME record on your domain that points to a subdomain of the target website.

      • https://www.example.com/login?redirect=http://example.com.evil-site.com

    • Path Obfuscation: Use path traversal characters to try and construct a valid-looking but malicious URL.

      • https://www.example.com/login?redirect=https://www.evil-site.com//www.example.com
      • https://www.example.com/login?redirect=https://[email protected]

Automated Tools :hammer_and_wrench:

While manual testing is crucial for understanding the vulnerability, several tools can help automate the process of finding open redirect vulnerabilities.

  • Burp Suite: You can use Burp Suite’s Intruder to automate the testing of various payloads against the identified redirect parameter. The scanner can also sometimes automatically flag potential open redirect issues.
  • OWASP ZAP: The Zed Attack Proxy (ZAP) is an open-source web application security scanner that includes a scanner for open redirect vulnerabilities.
  • Arjun: A Python-based tool that can discover hidden HTTP parameters, which can then be manually tested for open redirects.

By combining these manual techniques and automated tools, you can effectively search for and identify open redirect vulnerabilities on a website.

5

can you help with dorks for looking vulnerable in search engines please