After Golismero project got dead there is no more any up to date open-source tool that can collect links with parametrs and web-forms and then test them, so i decided to write one by my own. At the first step this tool does collect all the entry-points for the target website and then tryes to find open redirect vulnerability.
Why this project is better than other open-redirect scanners? It does recursevely crawl all the links from the target website and finds potential vulnerable web-forms by itself instead of using CommonCrawl or getting links list from user input. In the future i will probably add more modules to fuzz for SQL Injections and XSS.
Instalation
~$ git clone https://github.com/d34db33f-1007/fuzz300.git
~$ pip3 install -r requirements.txt
Usage
~$ python3.8 fuzz300.py -u https://example.com
~$ python3.8 fuzz300.py -u https://www.example.com -c 'Cookie: user=admin'
After running you will also find newly created files with interesting links and all website entry-points.
Tips
• Try using the same parameter twice: ?next=whitelisted.com&next=google.com
• If periods filtered, use an IPv4 address in decimal notation http://www.geektools.com/geektools-cgi/ipconv.cgi
• Try a double-URL and triple-URL encoded version of payloads
• Try redirecting to an IP address (instead of a domain) using different notations: IPv6, IPv4 in decimal, hex or octal
• For XSS, try replacing alert(1) with prompt(1) & confirm(1)
• If extension checked, try ?image_url={payload}/.jpg
• Try target.com/?redirect_url=.uk (or [any_param]=.uk). If it redirects to target.com.uk, then it’s vulnerable! target.com.uk and target.com are different domains.
• Use /U+e280 RIGHT-TO-LEFT OVERRIDE: https://whitelisted.com@%E2%80%[email protected]
------ The unicode character U+202E changes all subsequent text to be right-to-left
------ E.g.: https://hackerone.com/reports/299403
Exploitation
• Phishing
• Chaining open redirect with
-- • SSRF
-- • OAuth token disclosure
-- • XSS
-- • CRLF injection
Open redirect writeups
• Hackerone report 158434: Open Redirect & XSS on Shopify, $1,000
• Hackerone report 101962: Open Redirect on Shopify, $500
• Hackerone report 55546: Open Redirect on Shopify, $500
• Hackerone report 55525: Open Redirect on Shopify, $500
• Hackerone report 169759: Open Redirect on Shopify, $500
• Hackerone report 160047: Open Redirect on Shopify, $500
• Hackerone report 103772: Open Redirect on Shopify, $500
• Hackerone report 159522: Open Redirect on Shopify, $500
1.2k Jan 8, 2023
1 Dec 17, 2021
1 Dec 23, 2021
996 Dec 28, 2022
8 May 25, 2022
3 Sep 23, 2022
53 Dec 21, 2022
15 Dec 9, 2022
2 Dec 22, 2021
6 Apr 02, 2022
1 Nov 19, 2021
6 Sep 05, 2022
6 May 19, 2022
2.6k Jan 03, 2023
4 Nov 05, 2022
8 Jun 28, 2022
258 Sep 20, 2021
1 Feb 09, 2022
0 Apr 14, 2022
32 Dec 15, 2022
1.7k Dec 30, 2022
1 Mar 01, 2022
19 Jan 04, 2023
3.5k Jan 03, 2023
6 Jun 04, 2022
4 Oct 22, 2022
2 Feb 06, 2022
2 Oct 22, 2021
4 Feb 05, 2022