Detecting and exploiting open redirections

There are some redirections that are easy to detect, since most redirections use a GET request with the target visible in the URL. Others are harder to spot by simple inspection and need an HTTP proxy to confirm them. Let's look at another example:

www.testsite.com/process.php?r=otherplace.com

In this kind of redirection, it is obvious that the variable is acting as flow control. Now, let's use Burp Suite to confirm the redirection and analyze it using the following steps:

  1. Open the website that you think is using redirections.
  2. Stop the request using Burp Suite's Proxy by clicking the Intercept is on button.
  3. Right-click to display the options menu and click Send to Spider.
  4. Spider is a tool found in HTTP proxies that maps the application: it follows every link and redirection detected in the HTTP requests and responses to discover the website's structure.
  5. Go to the Spider section by clicking the Spider tab. Here you can monitor how Burp Suite makes requests to all the links detected in the application.
  6. Spider works in the background while we work on other tests. The results are displayed in the Target tab; if you click on it, you can see all the resources related to the website you are analyzing.
  7. To detect open redirects, select a filter in this window to show only HTTP 3xx (redirection) status codes. With this option active, you can find all the redirections included in the application.

Once you detect a redirection, the next thing to do is analyze what the application does with the data that is entered and how that data is used by the redirection. As we said before, the question is whether the data constructs a new URL, forms part of a new URL, or triggers code.

If you have the licensed version of Burp Suite, the Scan tool has an option to perform this analysis automatically, injecting different values to determine when a redirection is vulnerable and can be pointed at an external site.
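The manual check described above (a 3xx response whose Location header is built from a query parameter and leaves the site) can be expressed as a small triage script, shown here as an added example that is not part of the original text or of Burp Suite. The captured request/response pairs, the allowed host list and the parameter name `r` are constructed for the example; the hardened handler shows the server-side check that closes the issue.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Hosts the application is allowed to redirect to (assumed for this example).
ALLOWED_HOSTS = {"www.testsite.com"}

def classify_redirect(request_url, status, location):
    """Mimic the manual Burp check: is this a 3xx, which query parameter
    shows up in the Location header, and does the target leave our host?"""
    if not 300 <= status < 400 or not location:
        return {"redirect": False, "param": None, "external": False}
    target = urljoin(request_url, location)  # resolves relative and //host forms
    external = urlsplit(target).hostname not in ALLOWED_HOSTS
    param = None
    for name, values in parse_qs(urlsplit(request_url).query).items():
        if any(v and v in location for v in values):  # user input reused verbatim
            param = name
            break
    return {"redirect": True, "param": param, "external": external}

def find_open_redirects(captured):
    """Return request URLs whose 3xx response is built from a parameter and
    leaves the allowed hosts: the candidates worth confirming by hand."""
    hits = []
    for request_url, status, location in captured:
        result = classify_redirect(request_url, status, location)
        if result["param"] and result["external"]:
            hits.append(request_url)
    return hits

def safe_redirect_target(request_url, param="r", fallback="/"):
    """Hardened server-side handling: resolve the parameter against our own
    URL and only honour it if it still points at an allowed host."""
    value = parse_qs(urlsplit(request_url).query).get(param, [""])[0]
    parts = urlsplit(urljoin(request_url, value))
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        return fallback
    return parts.path or fallback

# Constructed request/response pairs standing in for Burp's proxy history.
CAPTURED = [
    ("http://www.testsite.com/process.php?r=otherplace.com", 302, "http://otherplace.com/"),
    ("http://www.testsite.com/process.php?r=/account", 302, "/account"),
    ("http://www.testsite.com/login.php", 200, None),
    ("http://www.testsite.com/go?next=//evil.example", 301, "//evil.example"),
]

if __name__ == "__main__":
    for url in find_open_redirects(CAPTURED):
        print("open redirect candidate:", url)
```

The scheme-relative `//evil.example` case is included because a naive "starts with /" check lets it through, while resolving with `urljoin` and comparing the host does not.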
