Fast Feed

How to Automate Hunting for Open Redirect

1 min read

Summary

  • Hunting for open redirects manually is arduous, requiring creativity and remediation.
  • The author recommends automating this process using a multistep toolchain: Waybackurls by Tomnomnom, combined with ParamSpider.
  • First, scan for subdomains using Subfinder, saving the output.
  • Then, use Waybackurls to identify redirecting URLs.
  • Finally, use ParamSpider to search those subdomains for parameters that could be open redirects, saving the results.
  • This process can efficiently identify potential open redirect vulnerabilities for further exploration.
  • Examples and commands are provided for replicate the process, which culminated in the author discovering an open redirect on a NASA subdomain.

By Spectat0rguy

Original Article