💉My Open Redirect Methodology

Open Redirect Payload Wordlist

https://github.com/Salman0x01/payloads/blob/main/openurlredirects

Open Redirect Payload Generator

Find Open Redirect Vulnerability Tool

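# Oralyzer against a single URL: -u is the URL to test, -p the payload list.
python3 oralyzer.py -u http://testphp.vulnweb.com/ -p /home/kali/tools/Oralyzer/payloads.txt
# Oralyzer against a list: -l names a file with one URL per line.
# These are two separate invocations; fused onto one line, the second
# "python3 oralyzer.py ..." would be passed to the first as extra arguments.
python3 oralyzer.py -l waymore.txt -p /home/kali/tools/Oralyzer/payloads.txt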

---------------------------------------------------------------

---------------------------------------------------------------

(1) One-Liner Open Redirect Finding

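# Collect archived URLs for the target, keep those whose parameters match gf's
# "redirect" pattern set (the original used the "xss" set, which selects a
# different family of parameters), and replace every parameter value with the
# marker URL. httpx prints status code and Location header for each candidate.
# A finding is a 3xx whose Location *host* is the marker; a marker that only
# shows up inside the Location path or query is a reflection, not a redirect.
/root/go/bin/gau http://testphp.vulnweb.com \
  | /root/go/bin/gf redirect \
  | /root/go/bin/qsreplace "https://ebay.com" \
  | /root/go/bin/httpx -silent -status-code -location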

----------------------------------------------------------------

(2) One-Liner Open Redirect Finding

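# Archive-URL check with the URL list kept on disk in "archive".
# ">" starts the file fresh on every run; the original "tee -a" appended, so
# URLs collected earlier (possibly for another target) were requested again.
# cut drops the two colon-separated fields gf prints before each match when it
# is given a file (presumably file name and line number; confirm against the
# flags in the installed redirect pattern).
/root/go/bin/gau http://testphp.vulnweb.com > archive \
  && /root/go/bin/gf redirect archive \
  | cut -f 3- -d ':' \
  | /root/go/bin/qsreplace "https://ebay.com" \
  | /root/go/bin/httpx -silent -status-code -location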

----------------------------------------------------------------

(3) One-Liner Open Redirect Finding

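# Keyword prefilter: keep archived URLs containing a parameter name commonly
# used for redirect targets, replace the values with the marker URL, and let
# httpx print status code and Location header for each candidate.
# "ru=" replaces a bare "ru", which matched any URL containing those two
# letters; "redirect\.cgi" escapes the dot. Entries match as substrings, so
# short ones such as "u=" and "to=" also hit "menu=" or "photo=". The list only
# narrows the candidates; the Location host in the httpx output decides.
/root/go/bin/gau http://testphp.vulnweb.com \
  | grep -iE 'redirect=|src=|groupuri=|redirect_url=|dest=|continue=url=|window=|next=|RedirectURl=|return=|ClientSideURl=|failureUrl=|ru=|redir=|relyStat=|fallbackurl=|clickurl=|return_to=|url=|goto=|dest_url=|urlReturn=|referer=|appUrlScheme=|Errormessage=|Error=|SourceURL=|next=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect\.cgi|view=|to=|go=|return=|returnTo=|checkout_url=|continue=|return_path=|success=|data=|qurl=|login=|logout=|ext=|clickurl=|goto=|rit_url=|forward_url=|forward=|pic=|callback_url=|jump=|jump_url=|originUrl=|desturl=|page=|u=|service=|recurl=|link=|burl=|backurl=' \
  | /root/go/bin/qsreplace "https://ebay.com" \
  | /root/go/bin/httpx -silent -status-code -location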

----------------------------------------------------------------

(4) One-Liner Open Redirect Finding

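# Candidate listing only: print archived URLs that contain a parameter name
# commonly used for redirect targets. No value is replaced and no candidate is
# requested by this pipeline; its output is a list to review.
# "ru=" replaces a bare "ru", which matched any URL containing those two
# letters; "redirect\.cgi" escapes the dot. Entries match as substrings, so
# short ones such as "u=" and "to=" also hit "menu=" or "photo=".
/root/go/bin/waybackurls http://testphp.vulnweb.com \
  | grep -iE 'redirect=|src=|groupuri=|redirect_url=|dest=|continue=url=|window=|next=|RedirectURl=|return=|ClientSideURl=|failureUrl=|ru=|redir=|relyStat=|fallbackurl=|clickurl=|return_to=|url=|goto=|dest_url=|urlReturn=|referer=|appUrlScheme=|Errormessage=|Error=|SourceURL=|next=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect\.cgi|view=|to=|go=|return=|returnTo=|checkout_url=|continue=|return_path=|success=|data=|qurl=|login=|logout=|ext=|clickurl=|goto=|rit_url=|forward_url=|forward=|pic=|callback_url=|jump=|jump_url=|originUrl=|desturl=|page=|u=|service=|recurl=|link=|burl=|backurl='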

----------------------------------------------------------------

(5) One-Liner Open Redirect Finding

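# Replace the value of every parameter that already carries a URL (=http) with
# a marker URL, request each candidate, and report those whose response
# headers contain the marker. grep prints the matching header line: confirm it
# is a Location header before treating the URL as a finding.
marker='https://www.linkedin.com/redir/general-malware-page?url=evil%2ecom'
/root/go/bin/waybackurls example.com \
  | grep -a -i '=http' \
  | bhedak "$marker" \
  | while IFS= read -r host; do
      # Archive-derived lines are untrusted input: quoting and "--" keep a
      # crafted line from being split, globbed ("?" is a glob character) or
      # read as a curl option. -F matches the marker literally, so "." and "?"
      # in it are not treated as regex syntax.
      if curl -s -L -I -- "$host" | grep -F -- "$marker"; then
        # Reset the colour after the word so later output is not left red.
        printf '%s \033[0;31mVulnerable\033[0m\n\n' "$host"
      fi
    done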

----------------------------------------------------------------

(6) One-Liner Open Redirect Finding

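# Replace every URL-valued parameter (=http) with a marker URL and report the
# candidates that answer with a redirect to the marker host.
# Only a Location header whose target starts at the marker host counts. The
# original grep for "google.com" matched any header line mentioning it, and a
# Location that carries the marker inside its own path or query is a
# reflection, not an off-site redirect.
/root/go/bin/waybackurls http://testphp.vulnweb.com \
  | grep -a -i '=http' \
  | /root/go/bin/qsreplace 'http://google.com' \
  | while IFS= read -r host; do
      # Archive-derived lines are untrusted input: quoting and "--" keep a
      # crafted line from being split, globbed or read as a curl option.
      if curl -s -L -I -- "$host" \
        | grep -iE '^location:[[:space:]]*(https?:)?//google\.com'; then
        # printf interprets the colour escapes; plain echo printed them
        # literally. The colour is reset after the word.
        printf '%s \033[0;31mVulnerable\033[0m\n\n' "$host"
      fi
    done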

----------------------------------------------------------------

(7) One-Liner Open Redirect Finding

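# Enumerate subdomains for each domain in domain.txt, keep the hosts that
# answer over HTTP(S), pull their archived URLs, and run the redirect template
# over the URLs that carry a query string.
# Fixed tool names and flag: "weybackurls" -> waybackurls, "nucli" -> nuclei,
# and "-1" -> "-l" (the URL-list option). grep -F '?' matches a literal
# question mark; a leading "\?" in a basic regex is not portable.
# Url-Redirection-Catcher.yaml is a local template file: it defines the
# requests nuclei sends, so read a third-party copy before running it.
subfinder -dL domain.txt | httprobe | tee live_subdomains.txt
waybackurls < live_subdomains.txt | tee wayback.txt
sort -u wayback.txt | grep -F '?' > torun.txt
nuclei -t Url-Redirection-Catcher.yaml -l torun.txt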

----------------------------------------------------------------

(8) One-Liner Open Redirect Finding

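# Enumerate subdomains for each domain in domains.txt, keep the hosts that
# answer over HTTP(S), pull their archived URLs, and run the redirect template
# over the URLs that carry a query string.
# grep -F '?' matches a literal question mark; a leading "\?" in a basic
# regex is not portable across grep implementations.
# Url-Redirection-Catcher.yaml is a local template file: it defines the
# requests nuclei sends, so read a third-party copy before running it.
/root/go/bin/subfinder -dL domains.txt | /root/go/bin/httprobe | tee live_domain.txt
/root/go/bin/waybackurls < live_domain.txt | tee wayback.txt
sort -u wayback.txt | grep -F '?' > open.txt
nuclei -t Url-Redirection-Catcher.yaml -l open.txt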

----------------------------------------------------------------

(9) One-Liner Open Redirect Finding

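# Pull archived URLs for the hosts in subs.txt, keep redirect-style
# parameters, replace their values with the marker URL, and let httpx follow
# redirects (-fr) and report responses whose final body contains the match
# string.
# The match string has to come from the marker page: the original looked for
# 'google.com' while injecting http://example.com, so a real redirect to the
# marker never matched. "Example Domain" is the title of the example.com page.
# Check the reported title as well, since any page embedding that text matches.
/root/go/bin/waybackurls < subs.txt \
  | /root/go/bin/gf redirect \
  | /root/go/bin/qsreplace 'http://example.com' \
  | /root/go/bin/httpx -fr -title -match-string 'Example Domain'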

----------------------------------------------------------------

(10) One-Liner Open Redirect Finding

# Filter file.txt through gf's "url" pattern, save the hits, then replay them
# ten at a time through the local intercepting proxy on 127.0.0.1:8080 so the
# requests can be reviewed there; curl's own output is discarded.
# -k switches certificate verification off for every request. It is here
# because the proxy re-signs TLS; trusting the proxy's CA certificate with
# --cacert instead would keep verification on.
/root/go/bin/gf url < file.txt | tee url-redirect.txt \
  && parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk \
       < url-redirect.txt > /dev/null

----------------------------------------------------------------

(11) One-Liner Open Redirect Finding

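# Script form: $1 is the target, LHOST the marker URL ("URL" is a placeholder
# to fill in). Each candidate is requested with curl -I and reported when the
# Location header carries the marker.
# The candidate URL is handed to sh as a positional parameter ("$1" inside the
# quoted script, supplied by the trailing "_ %"). The original substituted "%"
# into the sh -c command text, so a URL from the archive containing quotes,
# $(...) or backticks would have been executed by the local shell.
# grep -i accepts the lowercase "location:" that HTTP/2 responses use, and -F
# matches the marker literally instead of as a regex.
export LHOST="URL"
/root/go/bin/gau "$1" \
  | /root/go/bin/gf redirect \
  | /root/go/bin/qsreplace "$LHOST" \
  | xargs -I % -P 25 sh -c \
      'curl -Is -- "$1" 2>&1 | grep -qiF "location: $LHOST" && echo "VULN! $1"' _ %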

----------------------------------------------------------------
