We are telling you about Open Redirect Vulnerability. It is also called unvalidated redirects and forwards. What is Open Redirect Vulnerability and how it works.
You must also have heard about Open Redirect Vulnerability at some point, here is how hackers can take advantage of this Vulnerability, how it is done, all your questions will be answered in this article.
All this is being told to you for educational purpose, if you get Open Redirect Vulnerability in any website, then you should never use it wrongly, here you can get reward by reporting it.
Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.
Also Read
How to Find Subdomains In kali linux
All in one Hacking tools for hackers
Website Vulnerability scanner Kali Linux
What is Open Redirect Vulnerability ?
Before finding Open Redirect Vulnerability, the first thing you should know is what it is and how hackers can take advantage of it. Let’s understand it by example, here you will also be given a demo.
Like suppose you have a link Facebook.com In such a case, when the user clicks on it, he gets redirected to some other website, here hackers can also redirect to websites like phishing.
When you understand this practically, you can understand Open Redirect Vulnerability better, this can also be done with the help of burp suite here if hackers get Open Redirect Vulnerability in websites like facebook or google.
In such a case, they can report or take bug bounty, but if they use it incorrectly, then there can be a lot of loss of users, because everyone trusts websites like google and facebook, in such a way, if the user through those websites, any other website But redirect is such that the user has no doubt.
Working of Open Redirect Vulnerability ?
Now let us know about how Open Redirect Vulnerability works and how hackers can take advantage of it. Here we are using two websites, you will get links of both here.
In Xtreme Vulnerable Web Application you also get to see about it, here we are also telling you in xvwa how you can see it by doing practical.
First of all you have to setup xvwa. After setup, you get the option of redirects and forwards here. As you can see in the image, here you have to copy and paste the link.
After pasting the url like this, this show is done in front of you in this way, here you can see that we have not yet redirected to any kind of website.
In this way, if we change the url, in such a way that the user gets redirected to the website where we want to get it done, here we Have redirected to google.com such hackers also use phishing websites here.
In the same way you can see this by doing practical in rootme website, you get challenges on rootme website, which you have to solve, if you have ever heard about your capture the flag, then you must definitely know about it.
https://www.root-me.org/?lang=fr
First of all, you have to create your account here, in this way, after this you can see the practical of your Open Redirect Vulnerability here too. After login, this website is open in front of you in this way.
Here you get the option of web server by entering in challenges, you get to see http open redirect, you have to go to that option, after that something is open in front of you in this way.
Here you are redirected to the original website by clicking on any button, you can check by clicking but we have to do the practical work of Open Redirect Vulnerability like we did in xvwa.
As you can see in the image, Facebook is showing a link in front of you, in such a way, after clicking on the Facebook button, you are redirected to the website of Facebook, we go from here. Showing you redirected to google.com
As you have been told in xvwa, name change can be redirected but here you can see that you are getting error after changing the name, so we have to change the hashes as well.
https://www.md5hashgenerator.com/
In this way, hashes can also be changed using any website online, as you can see in the image, here we have used md5 hash, what is this md5, it told you in the article about cryptography and encryption and decryption has gone
In such a way, when we change the hash also, in such a way, we get redirected to the same website, like we changed google by facebook here, in such a way, the hashes also have to be changed, in this way, Open Redirect Vulnerability works.
In such a way, you can understand how hackers can take advantage of Open Redirect Vulnerability, here any kind of malware can also be installed, whether it is trojan virus or worm virus.
The Conclusion
I hope Now you can understand about Open Redirect Vulnerability. Here we have told you about Open Redirect Vulnerability both theory and practical.
There are many other similar types of vulnerabilities that you can get a good bounty by finding them, you will be told about all of them soon, but if you find any kind of Vulnerability in any website, you should never misuse it. Do the
Here we want to make you clear one thing, here we have told you about the working and details of Open Redirect Vulnerability but how it is found in a website, it is not possible to tell here.
In such a situation, you have to use Burp suite. Almost everyone who has interest in hacking knows about Burp suite. The more you use Burp suite, the more you use your skills on Burp suite. Its your Benefit.
If you have any question related to Open Redirect Vulnerability or any kind of question, in this way you can ask in the comment, we will help you completely, I hope you will definitely like our article.
Sharing is Caring
Subscribe to our blog for latest updates.
Thankyou
Leave a Reply