OpenRedireX – Open Redirection Vulnerability Finder Tool in Linux
Open redirect is a security defect in an application or web page that fails to properly validate the URLs it redirects to. When an application or page takes a URL from a request and redirects the user to it, it is supposed to verify that the URL belongs to the expected domain. Testing a web application manually for open redirection is very tedious, so an automated script is needed to make the task easier and save the penetration tester's time. OpenRedireX is an automated script written in Python which tests a single URL or multiple URLs for open redirection vulnerabilities by inserting open-redirection payloads into the URL parameter and analysing the server's response. OpenRedireX supports customising the payload list and also allows users to supply their own. The OpenRedireX tool is open-source and free to use.
Note: Make sure you have Python installed on your system, as this is a Python-based tool. Refer to the installation process: Python Installation Steps on Linux.
Installation of OpenRedireX Tool on Kali Linux OS
Step 1: Check whether the Python environment is set up, using the following command.
Step 2: Open your Kali Linux terminal and move to the Desktop using the following command.
Step 3: You are now on the Desktop, so create a new directory called OpenRedireX using the following command. In this directory we will complete the installation of the OpenRedireX tool.
Step 4: Now switch to the OpenRedireX directory using the following command.
Step 5: Now install the tool by cloning it from GitHub.
git clone https://github.com/devanshbatham/OpenRedireX
Step 6: The tool has been downloaded into the OpenRedireX directory. Now list the contents of the directory using the below command.
Step 7: You can observe that a new OpenRedireX directory was created by the clone. Now move into that directory using the below command.
Step 8: Once again, list the contents of the tool's directory using the below command.
Step 9: The installation is now complete. Use the below command to view the tool's help index, which gives a better understanding of its options.
python3 openredirex.py -h
Working with OpenRedireX Tool on Kali Linux OS
Example 1: For a single URL
python3 openredirex.py -u "https://www.geeksforgeeks.org/computer-science-projects/?ref=FUZZ" -p payloads.txt --keyword FUZZ
In this example, we test the geeksforgeeks.org/computer-science-projects/?ref=FUZZ URL for open redirection. We passed the payload list with -p and the keyword FUZZ with --keyword, marking the position where each payload is inserted. Since geeksforgeeks.org handles the parameter securely, the tool did not report any suspected query.
python3 openredirex.py -u "http://192.168.1.10/xvwa/vulnerabilities/redirect/redirect.php?forward=FUZZ" -p payloads.txt --keyword FUZZ
1. In this example, we test XVWA (a deliberately vulnerable web application) for open redirection. We passed the payload list and the keyword marking where the payloads are inserted.
2. In the screenshot below, we got the results: the URLs suspected to be vulnerable to open redirection.
3. In the screenshot below, we open the vulnerable URL and are automatically redirected to the google.com domain.
Example 2: For List of URLs
python3 openredirex.py -l urls.txt -p payloads.txt --keyword FUZZ
1. In this example, we test multiple URLs for open redirection at once. The URL list is passed with the -l flag and the payload list with the -p flag.
2. In the screenshot below, we got the URLs suspected to be vulnerable to open redirection.