Oralyzer : Linux Tool To Identify Open Redirection
Open Redirection is a security vulnerability in a web application that fails to properly validate the URLs it redirects to. When a web application receives a request that tells it where to redirect, it is supposed to verify that the target belongs to its own domain (or to an explicit allow-list); no other destination should be followed. There are various ways to test for this flaw. It can be done manually by analyzing the parameters and inserting payloads, but manual testing of a whole application quickly becomes tedious, so an automated approach is more practical. Oralyzer is a tool that tests a web application for Open Redirection and also for CRLF Injection. Oralyzer is a fully automated tool written in Python. It also supports proxies, custom payloads, and extracting URLs from the Wayback Machine. Oralyzer is open-source and free to use.
Note: Make sure you have Python installed on your system, as this is a Python-based tool. See the installation guide: Python Installation Steps on Linux
Installation of Oralyzer Tool on Kali Linux
Step 1: Check that a Python 3 interpreter is available (for example by running python3 --version).
Step 2: Open your Kali Linux terminal and move to the Desktop using the following command.
cd Desktop
Step 3: You are on the Desktop now; create a new directory called Oralyzer using the following command. We will complete the installation of the Oralyzer tool in this directory.
mkdir Oralyzer
Step 4: Now switch to the Oralyzer directory using the following command.
cd Oralyzer
Step 5: Now you have to install the tool. You have to clone the tool from GitHub.
git clone https://github.com/0xNanda/Oralyzer.git
Step 6: The tool has been downloaded into the Oralyzer directory. Now list the contents of the directory using the command below.
ls
Step 7: You can see that a new Oralyzer directory was created by the clone. Move into that directory using the command below:
cd Oralyzer
Step 8: Once again, list the contents of the tool's directory using the command below.
ls
Step 9: Install the packages required to run the tool using the following command.
sudo pip3 install -r requirements.txt
Step 10: The installation is now complete. Use the command below to view the tool's help index, which gives a better understanding of its options.
python3 oralyzer.py -h
Working with Oralyzer Tool on Kali Linux OS
Example 1: Simple Scan Target
python3 oralyzer.py -u http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url=
1. In this example, we test for Open Redirection in the bWAPP application. The target URL, ending in the redirect parameter (url=), is passed with the -u option.
2. In the screenshot below, we have the results: the tool inserted a series of payloads into the parameter and reported which ones produced a redirect.
3. In the screenshot below, we try the Open Redirection ourselves by copying one of the flagged URLs from the result.
4. In the screenshot below, we are redirected to google.com because the payload worked, which means that the specified URL is vulnerable to Open Redirection.
Example 2: Scan for CRLF Injection
python3 oralyzer.py -u http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url= -crlf
1. In this example, we test the URL for a CRLF Injection vulnerability. CRLF injection occurs when an attacker can insert a carriage-return/line-feed sequence where the application does not expect one; in a redirect parameter this lets the response headers be split. The -crlf option selects this test.
2. In the screenshot below, we have the results of the CRLF test.
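To make concrete what the two scans above are probing for, here is an added example (not part of Oralyzer or bWAPP) of the validation a redirect handler should apply to a url= parameter before emitting a Location header: it refuses other hosts, protocol-relative and backslash variants, non-http schemes, and any CR/LF. The allow-list and the sample inputs are constructed for the demonstration.

```python
# Added example, not code from Oralyzer or bWAPP: validate a user-supplied
# redirect target the way a hardened "url=" handler should.
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed allow-list of hosts this application may redirect to.
ALLOWED_HOSTS = {"127.0.0.1", "app.example.test"}


def safe_redirect_target(raw: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """Return a redirect location that is safe to emit, or None to refuse.

    * Any CR, LF or NUL (raw or percent-encoded once) is refused: a CRLF
      in the Location header would let the attacker split the response.
    * Backslashes are normalised to '/', since browsers treat '/\\evil'
      and '\\\\evil' like '//evil' (a protocol-relative URL).
    * A relative target must start with exactly one '/' (no host part).
    * An absolute target must use http(s) and a host in the allow-list.
    """
    for text in (raw, unquote(raw)):
        if any(ch in text for ch in ("\r", "\n", "\x00")):
            return None
    candidate = raw.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Site-local path: '/x' is fine, '//evil' would have a netloc.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None  # javascript:, data:, or a bare '//host' form
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return None  # includes 'http://127.0.0.1@evil' style tricks
    return candidate


if __name__ == "__main__":
    # Constructed probes of the kind an open-redirect scanner sends.
    for probe in ("/bWAPP/portal.php", "//google.com", "/\\google.com",
                  "https://google.com", "http://127.0.0.1@google.com/",
                  "javascript:alert(1)", "/portal.php%0d%0aSet-Cookie:%20x=1"):
        print(f"{probe!r:45} -> {safe_redirect_target(probe)!r}")
```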
Example 3: Saving Output
python3 oralyzer.py -u http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url= > output.txt
1. In this example, we save the results to a text file for later use, using the shell's output redirection operator (>).
2. In the screenshot below, we display the results that were saved in the text file (output.txt).