A
redirect automatically sends website's visitors to some different location or URL;
redirection could be either at different location within the same site or a new
site or webpage.
Unsecure redirection and forwarding are the outcomes
when a web application accepts untrusted inputs that could cause the web
application to redirect the request to a URL contained within untrusted/Unvalidated
input, we can also call this type of redirection as Unvalidated Redirection.
We are demonstrating the actual
concept and types of redirection through a PHP code running under apache server
on a local machine running kali Linux. We can also use wamp or xampp server for
windows machine to run and execute these codes. For executing our redirection
scripts, put the codes in /var/www/html
directory: This is the directory pointing to localhost (in our case).
References
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
Basic Redirection
On browser type localhost/redirect/home.php
Hover on Redirect Link, pointing
to redirection page (re.php). We can see the redirection on clear text format
below. (As shown in the figure below).
When we click on this link, we
will be redirected to http://www.hackingarticles.in, as we have coded in our
redirection script (re.php).
This is the basic redirection
where we are simply redirecting the users from one page to another page through
php scripts without considering any security measures in account. The further
encoding parameters of redirection are explained below.
URL Encoding
On browser type localhost/hex/home.php (page where we
have our scripts)
Hover on Redirect Link, pointing
to redirection page (re.php). We can see the redirection on clear text format
below.(As shown in the figure below).
Here we are using the same script
for the home page but in this redirection we are using simple URL encoding
where we can send our URL in URL Encoded format
and the encoded URL is being decoded through the script running on our
redirected php page(re.php in this case).
WE can use any online /offline
converter for calculating URL encoded value (in this example we are using http://www.meyerweb.com/)
Refer below screenshot for URL
encoding.
Right click on Redirect Link on home.php and
copy link location and past the URL in new tab. If we replace the redirected
URL with URL encoded value we will land on the same page.
The following is the result
HEX Encoding
Here we are converting the URL in
its Hexadecimal Value using Burp suite (you can use any online/offline tool).
Single Hex encoded
value of http://www.hackingarticles.in is
%68%74%74%70%3a%2f%2f%77%77%77%2e%68%61%63%6b%69%6e%67%61%72%74%69%63%6c%65%73%2e%69%6e
Right click on Redirect Link on home.php and
copy link location and past the URL in new tab. If we replace the redirected
URL with single hex encoded value we will land on the same page
The following is the result
Multilevel Encoding
Here we are demonstrating the multilevel encoding where we
are re-encoding the pre encoded values.
Double Hex encoded
value of http://www.hackingarticles.in is
%25%36%38%25%37%34%25%37%34%25%37%30%25%33%61%25%32%66%25%32%66%25%37%37%25%37%37%25%37%37%25%32%65%25%36%38%25%36%31%25%36%33%25%36%62%25%36%39%25%36%65%25%36%37%25%36%31%25%37%32%25%37%34%25%36%39%25%36%33%25%36%63%25%36%35%25%37%33%25%32%65%25%36%39%25%36%65
Right click on Redirect Link on home.php and copy link
location and past the URL in new tab. If we replace the redirected URL with
double hex encoded value we will land on the same page.
The following is the result
Base 64 Encoded Redirection
On browser type http://localhost/base64/home.php
Hover on Redirect Link, pointing
to redirection page (re.php). Here we are pre encoding our URL to its base 64
encoded value because of which our URL is something which can't be
understandable with naked eye .(As shown in the figure below).
Below image shows the Base64 encoding of our URL http://www.hackingarticles.in
Base64 encoded value
of http://www.hackingarticles.in is
“aHR0cDovL3d3dy5oYWNraW5nYXJ0aWNsZXMuaW4=”
The following is the output
0 comments:
Post a Comment