• We just launched and are currently in beta. Join us as we build and grow the community.

OpenRedireX – A Open Redirection Vulnerability Finder

janne

Integration Specialist
J
J Rep
0
0
0
Rep
0
J Vouches
0
0
0
Vouches
0
Posts
56
Likes
18
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 400 XP
Black-and-Yellow-Business-Presentation.png


Hey Folks, in this tutorial we are going to talk about an open source “Open Redirection” vulnerability finder tool called “OpenRedireX“. Simply tool takes the URL from the user and then it constantly tries to find open redirect issues using its own wordlist that called as “FUZZING“. If you want to get deeper information about this vulnerability then you can go here.

Key Features
  • You can specify your own payloads in ‘payloads.txt’
  • Shows Location header history (if any)
  • Fast (as it is Asynchronous)
  • Takes a url or list of urls and fuzzes them for Open redirect issues

Installation

The tool is available on github as it is an open source tool. The installation is quite simple but as we know that dependence is the most important factor during the installation of any type of tool. So we will download the dependency before starting the tool.

apt-get install python3-venv1apt-get install python3-venv

1-8.png


Now we will configure this tool in our terminal but first we have to download it from the github and then go the directory. It’s not enough as we have to execute one more python command at the end.

git clone https://github.com/devanshbatham/OpenRedireX
cd OpenRedireX
python3 -m venv env
python3 openredirex.py1234git clone
https://github.com/devanshbatham/OpenRedireXcd OpenRedireXpython3-mvenv envpython3 openredirex.py

2-7.png


The installation has been completed and now we will show you the features of this tool through given image. Use the given command to launch this tool.

python3 openredirex.py --help1python3 openredirex.py--help

3-9.png

live Website

Here you can see that we got open redirection vulnerability in live website through this tool, but due to security policy we can show you everything.

4-7.png

Demo

Here you can see that we are using XVWA vulnerabale application for demonstration. If you want to do same lab setup in your localhost machine then you can go here.

5-7.png


Just look at the command that we mentioned below and only manipulate the URL parameter according to yourself. You can also see that the command below mentions the FUZZ keyword which is instructing the vulnerable parameter.

Usage 🙂 python3 openredirex.py -u < URL > -p < payload file > –keyword FUZZ

python3 openredirex.py -u "http://192.168.1.10/xvwa/vulnerabilities/redirect/redirect.php?forward=FUZZ" -p payloads.txt --keyword FUZZ1python3 openredirex.py-u"http://192.168.1.10/xvwa/vulnerabilities/redirect/redirect.php?forward=FUZZ"-ppayloads.txt--keyword FUZZ

6-6.png


As you can clearly see it gives us many combinations of results from which we can exploit this vulnerability.

7-6.png


Don 🙂 !! We get success when we take a URL from the results and execute it on the browser and as you can see we have successfully redirected to “google.com“.

8-5.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

432,230

312,541

312,550

C CharlesAboke
Top