What is Open Redirect Vulnerability
Well!!! Hello everyone! It’s ravitbughunter Back again I hope you all doing very well. Today we will learn open redirect vulnerability. let’s start, An open redirection vulnerability or open redirection happens when attackers are able to control where a website or application redirects users. This article shows how bad actors can redirect victims to malicious websites and how you can prevent such vulnerabilities
Types of Redirection:
- 301: Moved permanently
- 302: Redirected temporarily
- 303: Redirected temporarily
- 307: Redirected temporarily
- 308: Redirected permanently
301 Moved Permanently:
A 301 redirect is a permanent redirect that is considered to be the most efficient, popular and convenient way of redirecting a web page. This type of redirect is used when a website has been permanently moved to another address; one which has to be indexed by search engines so that all the traffic to the old URL is rerouted to the new URL.
This redirect is particularly used under the following circumstances:
- When you want seamless transition of traffic to your new domain from your old site
- When people use different URLs to reach your site, you can choose a preferred URL and then use 301 to redirect and send all the traffic to your preferred URL
- When you want to make sure that the links to your outdated URLs are redirected to the relevant pages after you merge two websites
302 Moved Permanently:
A temporary type of redirect, 302 is used when a certain URL has been changed to another location temporarily. How a URL works is dictated by a particular protocol called the Hypertext Transfer Protocol, commonly known as HTTP, upon which the internet runs. There are two major versions of this – 1.0 and 1.1. In the first version, the status code 302 means ‘moved temporarily.’ The version 1.1 has changed this to mean ‘Found.’
Use a 302 redirect when:
- You temporarily move your page to a new URL
- A page is under maintenance
- When you want to A/B test new website design or copy
Tips: In general, only use a 302 if you plan to bring back the original URL back at some point (or set up a new one)
303 Moved Permanently:
The Hypertext Transfer Protocol (HTTP)
303 See Other redirect status response code indicates that the redirects don’t link to the requested resource itself, but to another page (such as a confirmation page, a representation of a real-world object
307 Moved Permanently:
The successor of the 302 redirect is the HTTP 1.1 307 redirect. It works exactly the way a 302 redirect was intended to work and should ideally be used instead of it. The only exception to this is when the content has only temporarily moved due to some reason, like during maintenance or when the server compatibility to version 1.1 has been successfully identified by search engines. Since it is not possible to determine whether a search engine has identified a page as compatible or not, it is recommended that a 302 redirect be used for temporarily moved content.
OpenRedireX : A tool for Asynchronous Open redirect Fuzzer for Humans
This tool is useful for finding for vulnerability
- Fast (as it is Asynchronous)
- umm thats it , nothing much !
- Shows Location header history (if any)
- You can specify your own payloads in ‘payloads.txt’
- Takes a url or list of urls and fuzzes them for Open redirect issues
$ git clone https://github.com/devanshbatham/OpenRedireX
$ cd OpenRedireX
Note : The “FUZZ” is important and the url must be in double qoutes !
$ python3.7 openredirex.py -u “https://vulnerable.com/?url=FUZZ” -p payloads.txt –keyword FUZZ
Impact of Open Redirection Vulnerabilities:
If you have an open redirection vulnerability, it makes many other attacks possible:
- Phishing: The most obvious way to use an open redirect is to steer the victim away from the original site to a site that looks the same, steal user credentials, and then return to the vulnerable website as if nothing happened.
- Server-Side Request Forgery (SSRF): Open redirects may be used to evade SSRF filters.
- Content-Security-Policy bypassing: If you use CSP to protect against XSS and one of the whitelisted domains has an open redirect, this vulnerability may be used to bypass CSP.
Thanks for reading this article!