
OpenRedireX – Open Redirection Vulnerability Finder Tool in Linux


An open redirect is a security defect in an app or web page that causes it to fail to properly validate the URLs it redirects to. When an app or web page receives a request containing a URL, it is supposed to verify that the URL is part of the expected page's domain. Testing a web application for open redirection manually is very difficult, so an automated script makes the task easier and saves the penetration tester time. OpenRedireX is an automated script written in Python that tests a single URL or multiple URLs for the open redirection vulnerability by inserting open redirection payloads into a URL parameter and analyzing the response from the server. OpenRedireX supports customizing the payload list and also allows users to supply their own payload list. The OpenRedireX tool is open-source and free to use.

Note: Make sure you have Python installed on your system, as this is a Python-based tool. For the installation process, see: Python Installation Steps on Linux

Installation of OpenRedireX Tool on Kali Linux OS

Step 1: Check whether the Python environment is set up by using the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on the Desktop now, so create a new directory called OpenRedireX using the following command. In this directory, we will complete the installation of the OpenRedireX tool.

mkdir OpenRedireX 

Step 4: Now switch to the OpenRedireX directory using the following command.

cd OpenRedireX

Step 5: Now you have to install the tool. You have to clone the tool from GitHub.

git clone https://github.com/devanshbatham/OpenRedireX

Step 6: The tool has been downloaded successfully in the OpenRedireX directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can see that a new OpenRedireX directory was created when the tool was cloned. Now move to that directory using the below command:

cd OpenRedireX 

Step 8: Once again, to list the contents of the tool, use the below command.

ls

Step 9: The installation is now complete. Use the below command to view the help index of the tool, which gives a better understanding of the tool.

python3 openredirex.py -h

Working with OpenRedireX Tool on Kali Linux OS

Example 1: For a single URL

python3 openredirex.py -u "https://www.geeksforgeeks.org/computer-science-projects/?ref=FUZZ" -p payloads.txt --keyword FUZZ

In this example, we test for the open redirection vulnerability on the URL geeksforgeeks.org/computer-science-projects/?ref=FUZZ. We have passed the payload list and the keyword that marks where the payloads will be inserted. As geeksforgeeks.org is a secured domain, the tool has not detected any suspected query.

python3 openredirex.py -u "http://192.168.1.10/xvwa/vulnerabilities/redirect/redirect.php?forward=FUZZ" -p payloads.txt --keyword FUZZ

1. In this example, we test for open redirection on XVWA (a vulnerable web application). We have passed the payload list and the keyword that marks where the payloads will be inserted.

2. We have got the results and the suspected websites that are vulnerable to open redirection.

3. When we try to open the vulnerable site, we are automatically redirected to the google.com domain.
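
A server-side check that prevents the redirect seen above, as an added example (not part of the OpenRedireX tool or the original article). The host app.example.test, the function names and the sample values are assumptions constructed for illustration; a weak check is shown beside the stricter one.

```python
from urllib.parse import urlsplit

# Assumption: the application may only redirect to its own host.
ALLOWED_HOSTS = {"app.example.test"}  # hypothetical hostname

def naive_is_safe(target: str) -> bool:
    """Weak check: prefix/substring matching, which crafted targets satisfy."""
    return target.startswith("/") or "app.example.test" in target

def is_safe_redirect(target: str) -> bool:
    """Allow only rooted same-site paths or http(s) URLs on the allowlist."""
    # Browsers treat "\" like "/" and ignore some whitespace, so reject both.
    if not target or "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: require "/path", never "//host" or "///host".
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS

# Constructed sample values for a redirect parameter such as `forward`.
SAMPLES = [
    "/dashboard",
    "https://app.example.test/profile",
    "//evil.example",
    "/\\evil.example",
    "https://evil.example/?next=app.example.test",
    "https://app.example.test@evil.example/",
    "https://app.example.test.evil.example/",
]

def bypasses_of_naive_check(samples):
    """Targets the weak check accepts but the strict check rejects."""
    return [s for s in samples if naive_is_safe(s) and not is_safe_redirect(s)]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} naive={naive_is_safe(s)} strict={is_safe_redirect(s)}")
```

Any target the strict check rejects should be replaced with a fixed default page rather than followed.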

Example 2: For a list of URLs

python3 openredirex.py -l urls.txt -p payloads.txt --keyword FUZZ

1. In this example, we test for open redirection on multiple URLs at a time. We have passed the list of URLs using the -l option, and the payload list is passed through the -p option.

2. We have got the URLs that are suspected of being vulnerable to open redirection.



Last Updated : 14 Sep, 2021