Security for everyone

How to Find Open Redirect Vulnerability

SecurityForEveryone

20/Sep/22

Here's how you can use the free and internet-based Open Redirect Vulnerability Scanner to check for any open redirect vulnerability.

Before we get started on how to find open redirects, let's cover some basic information about this vulnerability.

What is Open Redirect Vulnerability?

An open redirect is a security flaw that allows an attacker to redirect a user from the originally intended website to a malicious one. This usually happens when the user clicks on a link that appears to be legitimate but instead takes them to a malicious site. The malicious site could then steal the user's personal information or infect their device with malware.

The following is an example of a request to an endpoint that contains an open redirect vulnerability:

http://www.example.com/redirect?url=http://www.google.com

This endpoint redirects the user to whatever address is supplied in the "url" parameter, here the Google homepage, without checking it. This means that an attacker could use the same link, with a different "url" value, to redirect the user to a malicious website.

Open redirects are often used in phishing attacks. Attackers will send out emails or create websites that look legitimate but contain links that redirect users to a malicious site.

Open redirects can also be used to track users. Websites may use open redirects to track where users are coming from and what links they are clicking on. This information can then be used for marketing purposes.

OWASP 2021 Top Ten Category: A01:2021 – Broken Access Control

Open Redirect Vulnerability Code Example

The code below is a simple example:

<?php
// ...
// Vulnerable: the redirect target is taken straight from user input, unchecked.
header("Location: " . $_GET['url']);
// ...
?>

This code will redirect you to any URL entered after the 'url' parameter.

Fixing Open Redirect Vulnerability

The best way to fix an open redirect vulnerability is to remove any code that redirects the user based on request input. For example, the code above can be fixed by replacing the user-supplied target with a fixed one:

<?php
// ...
// Fixed: the redirect target is a constant, so the "url" parameter is ignored.
header("Location: " . "http://www.example.com/index.html");
// ...
?>

If you need to redirect the user for some reason, validate the target URL before redirecting. You can do this by using a whitelist of approved URLs or by checking that the URL is on the same domain as the original website.
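As an added example that is not part of the original post, the PHP below shows what such a check looks like in practice: it replaces the vulnerable header() call above with a helper that only honours same-site paths or absolute URLs whose host is on a whitelist, and falls back to a fixed page otherwise. The helper name safeRedirectTarget, the whitelist contents and the evil.example hostnames are assumptions made for the illustration. It goes slightly beyond the text by also rejecting the protocol-relative, userinfo and non-HTTP-scheme forms that commonly slip past a naive "starts with /" or "contains our domain" check.

```php
<?php
// Added example (not from the original post): a hardened replacement for
// header("Location: " . $_GET['url']). Returns a safe redirect target or null.
// $allowedHosts is an assumed whitelist of hostnames this app may redirect to.

function safeRedirectTarget(string $url, array $allowedHosts): ?string
{
    $url = trim($url);

    // Reject empty input and any control character (CR/LF would allow
    // header injection, since the value is written into the Location header).
    if ($url === '' || preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;
    }

    // Case 1: same-site relative path. It must start with exactly one "/".
    // "//host" and "/\host" are treated as protocol-relative URLs by browsers,
    // so they would leave the site even though they start with "/".
    // Note: PHP has already URL-decoded $_GET, so "%2F%2F" arrives as "//".
    if ($url[0] === '/') {
        if (strlen($url) > 1 && ($url[1] === '/' || $url[1] === '\\')) {
            return null;
        }
        return $url;
    }

    // Case 2: absolute URL. Only http(s) with a host on the whitelist.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // e.g. "javascript:alert(1)" or a bare "evil.example"
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    // Userinfo ("https://www.example.com@evil.example") makes the trusted name
    // appear first while the browser actually goes to the host after "@".
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // Exact host match, not a substring or suffix test, which would accept
    // "www.example.com.evil.example".
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;
    }
    return $url;
}

// Constructed sample inputs and the decision each one gets, so the helper can
// be exercised from the CLI: php this_file.php
function demoDecisions(array $allowedHosts): array
{
    $samples = [
        '/account/settings',                     // allowed: same-site path
        '//evil.example/phish',                  // rejected: protocol-relative
        'https://www.example.com/login',         // allowed: host on whitelist
        'https://www.example.com.evil.example/', // rejected: host not exact
        'https://www.example.com@evil.example/', // rejected: userinfo trick
        'javascript:alert(1)',                   // rejected: not http(s)
    ];
    $decisions = [];
    foreach ($samples as $sample) {
        $decisions[$sample] = safeRedirectTarget($sample, $allowedHosts);
    }
    return $decisions;
}

$allowed = ['www.example.com', 'example.com']; // assumed whitelist

if (PHP_SAPI === 'cli') {
    var_dump(demoDecisions($allowed));
}

// Usage in the redirect endpoint: validate first, then fall back to a fixed,
// known-good page instead of honouring unvalidated input.
$target = safeRedirectTarget($_GET['url'] ?? '', $allowed);
if ($target === null) {
    $target = 'http://www.example.com/index.html';
}
header('Location: ' . $target, true, 302);
exit;
```

Returning null and then substituting a constant page, rather than trying to "clean up" a bad value, keeps the decision simple to audit: the only way to leave the site through this endpoint is with a host that is literally in the whitelist.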

How to Use Redirect Vulnerability Scanner: Find Open Redirect Vulnerability

Our Open Redirect Vulnerability Scanner will be used to find this vulnerability. Even if you're not tech-savvy, you can still use this product by clicking a few buttons. However, if you are an expert, there are numerous settings and parameters that you may modify.

First Way: Use Fast Scan to Find Open Redirect Vulnerability

All you need to do is enter the URL you want to scan and click the 'Start Scan' button.

But it has some limitations:

  • The fast scan only checks parameters in the query string, sent with the HTTP GET method.
  • If you want to scan the parameters of a form used on a page (like a login form), use the HTML form parser.
  • Use expert mode if the application accepts data using other HTTP methods (e.g., POST, PUT, or DELETE).
  • If the application requires authentication to access a web page you wish to scan, use expert mode with the necessary authentication header.

Second Way: HTML Form Parser

The HTML form parser feature can help you scan web page form parameters. In many cases, forms are used to submit data to a server (e.g., login, contact, or search forms). To test a form, simply enter its URL into the HTML Form Parser area and click the `Analyze` button. A popup will appear in which you can select the form to scan.

Here are some hints:

  • Use authentication headers if your web page requires authentication.
  • You can set any HTTP method and use any valid header you want.
  • The request body can be set for any HTTP method.

Third Way: Use Expert Mode

The expert mode gives you the ability to alter every aspect of an HTTP request. This includes choosing the HTTP method (GET, POST, PUT, DELETE), setting and selecting HTTP headers, as well as deciding on a request body.

Results

The estimated finish time for the Open Redirect Vulnerability Scanner is about 10 seconds. After the scan is completed, you can view the results in three different ways:

  • Compact: A one-word output that says whether the target is vulnerable or not.
  • Detail: Further details of the output, such as the parameters tested and the vulnerability type.
  • Video: The commands we used to check, the scan output and the vulnerability types; watch the whole scan process.

Thank you for reading. Stay safe.
