URL Redirection through GET environment

Updated: Feb 13

Steps to perform URL redirection:

  1. Select a website you want to attack.

  2. Spider that website by right-clicking on the website in the Target section of Burp Suite.

  3. After the spider process is completed, sort the list of web pages by their parameters.

  4. Once you find web pages with parameters, look for the common parameters listed below.

  5. Send that specific web page to the Repeater and change that parameter to "XYZ.com".

  6. Click Go and render the output to check whether the page is redirected.

Example:

(1) www.xyz.com/dest=login.html
            |
            |
    (send to the repeater)
            |
            |
    change "dest=login.html" to "dest=xyz.com" (where xyz can be anything) and click go

If the page is redirected, you can successfully claim that vulnerability.

Common Parameter List: 

  • dest

  • redirect

  • navigation

  • reference

  • port

  • host

  • feed

  • page

  • return

  • callback

  • domain

  • validate

  • show

  • view

  • window

  • url

  • path

  • uri
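
The server-side fix for the behaviour tested above is to resolve the parameter value against the application's own base URL and redirect only when the resulting host is allowlisted. The following is an added example, not part of the original post; `BASE_URL`, `ALLOWED_HOSTS`, `resolve_redirect` and `audit_query` are hypothetical names and constructed values.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

# Parameter names copied from the list above.
REDIRECT_PARAMS = {
    "dest", "redirect", "navigation", "reference", "port", "host",
    "feed", "page", "return", "callback", "domain", "validate",
    "show", "view", "window", "url", "path", "uri",
}

# Assumptions (constructed values): the application's own base URL and the
# only hosts it is allowed to redirect to.
BASE_URL = "https://www.example.test/"
ALLOWED_HOSTS = {"www.example.test"}


def resolve_redirect(value, base=BASE_URL, allowed=ALLOWED_HOSTS):
    """Return an absolute URL that is safe to send in Location, or None."""
    # Backslashes, whitespace and control characters are parsed differently
    # by browsers and by server-side URL libraries, so refuse them outright.
    if not value or "\\" in value or any(ord(c) <= 0x20 for c in value):
        return None
    try:
        # Resolve the way a browser would: "login.html" and "xyz.com" become
        # local paths, while "//xyz.com" and "http://xyz.com" keep their host.
        target = urljoin(base, value)
        parts = urlsplit(target)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or parts.hostname not in allowed:
        return None
    return target


def audit_query(url):
    """Map each redirect-style parameter in url to its safe target or None."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {k: resolve_redirect(v) for k, v in pairs if k.lower() in REDIRECT_PARAMS}


if __name__ == "__main__":
    # Constructed request URL for illustration.
    print(audit_query("https://www.example.test/go?dest=http://xyz.com&page=login.html"))
```

A handler would send the returned absolute URL in the `Location` header and fall back to a fixed landing page when the result is `None`.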




©2020 by Parth Shukla