How to Find Open Redirect Vulnerability

Security For Everyone

Here’s how you can use the free and internet-based Open Redirect Vulnerability Scanner to check for any open redirect vulnerability.

Before we get started on how to use the scanner, let’s cover some basic information about this vulnerability.

What is Open Redirect Vulnerability?

An open redirect is a security flaw that allows an attacker to redirect a user from the originally intended website to a malicious one. This usually happens when the user clicks on a link that appears to be legitimate but instead takes them to a malicious site. The malicious site could then steal the user’s personal information or infect their device with malware.

The following is an example of a URL that exercises an open redirect vulnerability:

http://www.example.com/redirect?url=http://www.google.com

Here the application redirects the user to the Google homepage because that is the value given in the “url” parameter; it will redirect to whatever URL is supplied there, without checking it. This means that an attacker could use the same endpoint to redirect the user to a malicious website.

Open redirects are often used in phishing attacks. Attackers will send out emails or create websites that look legitimate but contain links that redirect users to a malicious site.

Open redirects can also be used to track users. Websites may use open redirects to track where users are coming from and what links they are clicking on. This information can then be used for marketing purposes.

OWASP 2021 Top Ten Category: A01:2021 – Broken Access Control

Open Redirect Vulnerability Code Example

The code below is a simple example:

<?php
// ...
// Vulnerable: the redirect destination is taken straight from the request,
// so any URL supplied in the "url" parameter becomes the Location header.
header("Location: " . $_GET['url']);
exit;
// ...
?>

This code will redirect you to any URL entered after the ‘url’ parameter.

Fixing Open Redirect Vulnerability

The best way to fix an open redirect vulnerability is to remove any code that redirects the user to a destination taken from the request. For example, the code above can be fixed by changing it to the following:

<?php
// ...
// Fixed: the destination is a constant chosen by the application,
// so the "url" parameter no longer influences where the user is sent.
header("Location: http://www.example.com/index.html");
exit;
// ...
?>

If you need to redirect the user for some reason, make sure to check the destination URL before redirecting. You can do this by using a whitelist of approved URLs or by checking that the URL is on the same domain as the original website.
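As an added example (not code from the original post or from S4E), here is one way to implement that check in PHP. The allow list ALLOWED_HOSTS, the fallback URL and the helper name safeRedirectTarget are hypothetical. The function accepts same-site absolute paths and absolute http(s) URLs whose host exactly matches an entry in the allow list, and sends everything else to a fixed fallback page. It deliberately rejects inputs that look local but that browsers treat as a different host: protocol-relative “//host”, backslash variants, credentials before “@”, and non-http schemes. The host comparison is an exact match rather than a substring check, because a substring check would accept hosts such as “www.example.com.attacker.test”.

```php
<?php
// Hypothetical helper (added example, not S4E's code): validate a redirect
// target against an allow list of trusted hosts before sending Location.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];   // constructed allow list
const FALLBACK_URL  = 'http://www.example.com/index.html';  // safe default page

function safeRedirectTarget(
    string $url,
    array  $allowedHosts = ALLOWED_HOSTS,
    string $fallback     = FALLBACK_URL
): string {
    // 1. Same-site absolute paths such as "/account?tab=1" are fine.
    //    Reject "//host", "/\host", any backslash and control characters,
    //    which browsers may interpret as a different host.
    if (preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F\\\\]*$#', $url)) {
        return $url;
    }

    // 2. Everything else must be a well-formed absolute URL.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;   // relative, malformed or scheme-less input
    }

    // 3. Only http and https are acceptable; javascript:, data: etc. are not.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }

    // 4. Embedded credentials ("http://www.example.com@other.test") are a
    //    classic way to make a foreign host look trusted; refuse them.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }

    // 5. Exact host match against the allow list (no suffix or substring test).
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return $fallback;
    }

    return $url;
}

// Usage inside the redirect script:
header('Location: ' . safeRedirectTarget($_GET['url'] ?? ''));
exit;
```

With this helper, “/profile” and “https://www.example.com/login” are passed through, while “//attacker.test”, “http://www.example.com@attacker.test” and “javascript:alert(1)” all fall back to the fixed index page. Anything the function does not positively recognise is treated as untrusted, which is the safe default for a redirect endpoint.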

How to Use Redirect Vulnerability Scanner: Find Open Redirect Vulnerability

Our Open Redirect Vulnerability Scanner will be used to find this vulnerability. Even if you’re not tech-savvy, you can still use this product by clicking a few buttons. However, if you are an expert, there are numerous settings and parameters that you may modify.

First Way: Use Single Scan to Find Open Redirect Vulnerability

All you need to do is enter the URL you want to scan and click the ‘Start Scan’ button.

[Screenshot: Open Redirect Vulnerability Scanner single-scan form with a URL input field, showing scan type, time interval and estimated duration]

But it has some limitations:

  • If you want to scan the parameters of a form used in a page (like a login form), use the HTML form parser.
  • The single scan allows you to quickly check any parameter in the query string using the HTTP GET method.
  • Use expert mode if the application accepts data using other HTTP methods (e.g., POST, PUT, or DELETE).
  • If the application requires authentication to access a web page you wish to scan, use expert mode with the necessary authentication header.

Second Way: Advanced Scan for Custom HTTP Requests

Our advanced scanning feature enables you to thoroughly test web applications by allowing full customization of HTTP requests. Whether you’re analyzing form parameters, exploring different HTTP methods, or including authentication headers, this mode provides the flexibility and control you need.

Here’s how to use it effectively:

  • Automated Form Parameter Scanning:
    If your target URL includes forms (such as login or search forms), our scanner automatically detects and parses these forms. Simply enter the URL into the input field, and the system will analyze and include form parameters in the scan process.
  • Flexible HTTP Method Selection:
    Choose from HTTP methods such as GET, POST, PUT, or DELETE to tailor your scan to the application’s behavior. This flexibility ensures you can test parameters and vulnerabilities that require specific methods.
  • Custom Headers and Request Bodies:
    Include custom headers (e.g., authentication tokens) and define a request body as needed. This feature is especially useful for applications requiring authentication or complex input formats.

The advanced scan ensures that you have all the tools necessary to uncover vulnerabilities in any scenario, providing both precision and depth in your testing process.

[Screenshot: Expert Mode form with fields for HTTP version, URL, HTTP method, headers and request body]

Results

The estimated finish time for Open Redirect Vulnerability Scanner is about 10 seconds. After the scan is completed, you can view the results in three different ways:

[Screenshot: scan results view]
  • Compact: a one-word verdict stating whether the target is vulnerable or not.
  • Detail: further details of the output, such as the affected parameters and the vulnerability type.
  • Video: the commands used for the check, the scan output and the vulnerability types, as a recording of the whole scan process.

Thank you for reading. Stay safe.
