Basic info — Open Redirect
Open Redirect (also known as Unvalidated Redirects and Forwards) occurs when a web application accepts user-supplied input and redirects the user to an arbitrary URL without proper validation.
How to find entry points to test?
Burp Proxy history & Burp Sitemap (look at URLs with parameters)
Google dorking. E.g: inurl:redirectUrl=http site:target.com
Functionalities usually associated with redirects:
Login, Logout, Register & Password reset pages (Change site language, Links in emails, Read JavaScript code)
Bruteforcing
Look for hidden redirect parameters, for e.g.:
/redirect?url={payload}&next={payload}&redirect={payload}&redir={payload}&rurl={payload}&redirect_uri={payload}
/?url={payload}&next={payload}&redirect={payload}&redir={payload}&rurl={payload}&redirect_uri={payload}
Responses to look for when fuzzing
HTTP redirect status codes
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
305 Use Proxy
307 Temporary Redirect
308 Permanent Redirect
- Alert box popping up
