HTTP - Open redirect
Find a way to make a redirection to a domain other than those shown on the web page.
We can click on any of the options and intercept the request using Burp Suite.
The request would typically be processed by a web server, which would attempt to access the specified URL (in this case, https://facebook.com) and respond accordingly.
The h parameter may be some form of hash used for the purpose of authentication.
Let's decode the hash using an online decoder. MD5 is a one-way function, so such tools work by looking the value up in a table of known hashes.
So the MD5 hashing function was used to hash https://facebook.com and the result was then included in the h parameter.
Let's say we want to redirect to https://openredirect.com. We would have to set the h parameter to the MD5 hash of the new url parameter value.
For the final step, we have to send this request to the server.
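Why the check fails and what a fix looks like, as an added example that is not part of the original write-up or the challenge's code: an unkeyed MD5 of url can be computed by any client, whereas a keyed HMAC plus a host allowlist cannot be satisfied without the server's secret. SERVER_KEY, ALLOWED_HOSTS and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from the challenge.
SERVER_KEY = b"constructed-demo-key"
ALLOWED_HOSTS = {"facebook.com"}


def client_md5(url: str) -> str:
    """What any client can compute on its own: no secret is involved."""
    return hashlib.md5(url.encode()).hexdigest()


def weak_check(url: str, h: str) -> bool:
    """The scheme observed on the page: h is the unkeyed MD5 of url."""
    return client_md5(url) == h


def sign(url: str) -> str:
    """Server-side tag: HMAC-SHA256 keyed with SERVER_KEY, never sent to clients."""
    return hmac.new(SERVER_KEY, url.encode(), hashlib.sha256).hexdigest()


def hardened_check(url: str, h: str) -> bool:
    """Accept only https links to allowlisted hosts that carry a valid HMAC tag."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sign(url), h)


if __name__ == "__main__":
    legit = "https://facebook.com"
    other = "https://openredirect.com"
    print("weak, other host, client MD5:    ", weak_check(other, client_md5(other)))
    print("hardened, other host, client MD5:", hardened_check(other, client_md5(other)))
    print("hardened, other host, valid tag: ", hardened_check(other, sign(other)))
    print("hardened, listed host, valid tag:", hardened_check(legit, sign(legit)))
```

The allowlist alone already blocks the off-site target; the HMAC additionally prevents tampering with the path or query of links to permitted hosts.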