.png)
1 week ago
37 BOOK THIS SPACE FOR AD
ARTICLE ADالسلام عليكم يصديقي لو استفدت من المقاله اذكرني في دعائك
اللهم صل وسلم علي نبينا محمد
What is the Open Redirect :
Websites often use automatic redirects to improve user experience, such as redirecting users to a login page when they try to access a restricted area. To remember where to redirect users after they log in, the site uses a redirect URL parameter. However, attackers can exploit this by tricking users into clicking on a link that appears to lead to a legitimate site but actually redirects them to a malicious page. This is called an open-redirect attack. Another method is the referer-based open redirect, where attackers use a legitimate site’s referer header to redirect users to a malicious site after they visit the legitimate site.
Step 1: Look for Redirect Parameters:
To find redirect parameters on a website, use a proxy to browse and examine the HTTP history for parameters containing absolute or relative URLs. Look for parameters like “redirect,” “redir,” “next,” or other custom names that suggest redirection. Note that some pages may redirect without explicit parameters, indicating potential referer-based open redirects. These can be identified by observing 3XX response codes in the HTTP responses.
Step 2: Use Google Dorks to Find Additional Redirect Parameters:
To find additional redirect parameters on a website using Google dorks, use search terms like “inurl:%3Dhttp site:example.com” to find absolute URLs in parameters, and “inurl:%3D%2F site:example.com” to find relative URLs. You can also search for common redirect parameter names like “inurl:redir” or “inurl:returnurl.” Note the parameters you find along with those from Step 1
The most famous Google Dork for finding open redirects is:
inurl:redir site:example.com
inurl:redirect site:example.com
inurl:redirecturi site:example.com
inurl:redirect_uri site:example.com
inurl:redirecturl site:example.com
inurl:redirect_uri site:example.com
inurl:return site:example.com
inurl:returnurl site:example.com
inurl:relaystate site:example.com
inurl:forward site:example.com
inurl:forwardurl site:example.com
inurl:forward_url site:example.com
inurl:url site:example.com
inurl:uri site:example.com
inurl:dest site:example.com
inurl:destination site:example.com
inurl:next site:example.com
Step 3: Test for Parameter-Based Open Redirect:
To test for parameter-based open redirects, insert a random or controlled hostname into the redirect parameter and see if the site redirects to that site. Some redirects may occur immediately, while others may require specific user actions (like login or logout) before redirecting. Carry out the necessary interactions before checking for the redirect.
To bypass open-redirect protection, you can exploit flaws in URL validation. Validators often fail to account for all edge cases, allowing attackers to bypass them. One approach is to use browser autocorrect features to construct URLs that redirect offsite. Another method is to exploit loopholes in the validator’s logic, such as by creating subdomains or directories with the target’s domain name. Additionally, you can manipulate the scheme portion of the URL using data URLs or by double-URL-encoding special characters to induce an open redirect. Furthermore, inconsistencies in decoding non-ASCII characters can be exploited to bypass URL filters. Combining these techniques can help bypass more-sophisticated URL validators.
You can try these techniques that will help you
https://target.com/login?redir=https://target.com@attacker.com/target.com
https://target.com/login?redir=https://target.com.attacker.com/target.com
https://target.com/login?redir= https://attacker.com/target.com
https://target.com/login?redir= https://attacker.com.target.com
https://target.com/@attacker.com
https://target.com%2f@attacker.com
https://target.com%252f@attacker.com
https://target.com%25252f@attacker.com
https://attacker.com%252f@target.com
https://attacker.com%ff.target.com
https://attacker.com?.target.com
https://attacker.com/.target.com
https://target.com/@attacker.com/target.com
https://target.com%252f@attacker.com/target.com
Attackers can use open redirects to enhance phishing attacks by redirecting users from a legitimate site to a malicious one. For instance, they could send an email with a URL that appears to lead to a legitimate site but actually redirects to a fake login page on a malicious site. The attacker can then steal the user’s credentials when they attempt to log in. While organizations can’t fully prevent phishing, they often overlook open redirects as minor issues. However, open redirects can be part of a chain of vulnerabilities, helping attackers bypass URL restrictions and maximize the impact of other vulnerabilities like server-side request forgery (SSRF). Additionally, open redirects can be used to steal credentials and OAuth tokens by exploiting the referer HTTP request header.
linkedin::https://www.linkedin.com/in/hozayfa-nasser-2b31b8246/
![what is RCE-[Remote code Execution]❓](https://miro.medium.com/v2/resize:fill:88:88/1*wJvUabMco6N48V0igs_lLQ.jpeg)
Bengali (Bangladesh) · 
English (United States) ·