Close Menu
    Bug Bounty

    What is Open Redirect Vulnerability

    By Updated:No Comments4 Mins Read

    What is Open Redirect Vulnerability

    Well!!! Hello everyone! It’s ravitbughunter Back again I hope you all doing very well. Today we will learn open redirect vulnerability. let’s start, An open redirection vulnerability or open redirection happens when attackers are able to control where a website or application redirects users. This article shows how bad actors can redirect victims to malicious websites and how you can prevent such vulnerabilities

     

    Types of Redirection:

    • 301: Moved permanently 
    • 302: Redirected temporarily
    • 303: Redirected temporarily
    • 307: Redirected temporarily
    • 308: Redirected permanently

     

    301 Moved Permanently:

    A 301 redirect is a permanent redirect that is considered to be the most efficient, popular and convenient way of redirecting a web page. This type of redirect is used when a website has been permanently moved to another address; one which has to be indexed by search engines so that all the traffic to the old URL is rerouted to the new URL.

    This redirect is particularly used under the following circumstances:

    • When you want seamless transition of traffic to your new domain from your old site
    • When people use different URLs to reach your site, you can choose a preferred URL and then use 301 to redirect and send all the traffic to your preferred URL
    • When you want to make sure that the links to your outdated URLs are redirected to the relevant pages after you merge two websites

     

    302 Moved Permanently:

    A temporary type of redirect, 302 is used when a certain URL has been changed to another location temporarily. How a URL works is dictated by a particular protocol called the Hypertext Transfer Protocol, commonly known as HTTP, upon which the internet runs. There are two major versions of this – 1.0 and 1.1. In the first version, the status code 302 means ‘moved temporarily.’ The version 1.1 has changed this to mean ‘Found.’

    Use a 302 redirect when:

    • You temporarily move your page to a new URL
    • A page is under maintenance
    • When you want to A/B test new website design or copy

    Tips: In general, only use a 302 if you plan to bring back the original URL back at some point (or set up a new one)

     

    303 Moved Permanently:

    The Hypertext Transfer Protocol (HTTP) 303 See Other redirect status response code indicates that the redirects don’t link to the requested resource itself, but to another page (such as a confirmation page, a representation of a real-world object

     

    307 Moved Permanently:

    The successor of the 302 redirect is the HTTP 1.1 307 redirect. It works exactly the way a 302 redirect was intended to work and should ideally be used instead of it. The only exception to this is when the content has only temporarily moved due to some reason, like during maintenance or when the server compatibility to version 1.1 has been successfully identified by search engines. Since it is not possible to determine whether a search engine has identified a page as compatible or not, it is recommended that a 302 redirect be used for temporarily moved content.

     

    OpenRedireX : A tool for Asynchronous Open redirect Fuzzer for Humans

    This tool is useful for finding for vulnerability

     

    Features:

    • Fast (as it is Asynchronous)
    • umm thats it , nothing much !
    • Shows Location header history (if any)
    • You can specify your own payloads in ‘payloads.txt’
    • Takes a url or list of urls and fuzzes them for Open redirect issues

    Usage :

    $ git clone https://github.com/devanshbatham/OpenRedireX
    $ cd OpenRedireX
    Note : The “FUZZ” is important and the url must be in double qoutes !
    $ python3.7 openredirex.py -u “https://vulnerable.com/?url=FUZZ” -p payloads.txt –keyword FUZZ

     

    Example:

     

     

    Impact of Open Redirection Vulnerabilities:

    If you have an open redirection vulnerability, it makes many other attacks possible:

    • Phishing: The most obvious way to use an open redirect is to steer the victim away from the original site to a site that looks the same, steal user credentials, and then return to the vulnerable website as if nothing happened.
    • Cross-site Scripting (XSS): If the redirect allows the use of data: or javascript: protocols and the client supports such protocols in redirects, it makes it possible for the attacker to perform an XSS attack.
    • Server-Side Request Forgery (SSRF): Open redirects may be used to evade SSRF filters.
    • Content-Security-Policy bypassing: If you use CSP to protect against XSS and one of the whitelisted domains has an open redirect, this vulnerability may be used to bypass CSP.

     

    Thanks for reading this article!

    Author

    Share.

    Related Posts

    Add A Comment
    Leave A Reply