r0075h3ll/Oralyzer

Header Based Redirection

Closed this issue · 5 comments

When it says Header Based Redirection, what headers is it using?

I've already written a blog post that answers your query: https://r0075h3ll.github.io/Open-Redirects-Everything-That-You-Should-Know/

Thanks.

OK, so the redirect:
https://example.com//google.com shows up in the Location header.
The problem is Location: https://site.com/example.com <--- false positive, and it won't redirect,
but it gets flagged as header based redirection.

So the thing is that if the Location header exists in the response then it only shows what the website is redirecting to after sending the payload, nothing more.

Got it, thanks,
and great tool :)

Thanks mate ✌️
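
The distinction raised in this thread, as an added example that is not part of the issue or Oralyzer's own code: resolve the `Location` value against the request URL and report a redirect only when the resulting host is the payload host, so a payload that merely appears in the path is labelled as reflected. The function name, the three labels and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit


def classify_location(request_url, location, payload_host):
    """Triage a Location header seen after sending a redirect payload.

    Returns:
      "offsite"   - following Location leaves the origin for payload_host
      "reflected" - payload text is in Location, but the host is not payload_host
      "none"      - Location does not mention the payload at all
    """
    location = location.strip()
    payload_host = payload_host.lower()

    # Resolve relative and scheme-relative values the way a client would
    # (e.g. "//host" inherits the scheme, "/path" stays on the origin).
    target = urlsplit(urljoin(request_url, location))
    origin_host = (urlsplit(request_url).hostname or "").lower()
    target_host = (target.hostname or "").lower()

    on_payload_host = (
        target_host == payload_host
        or target_host.endswith("." + payload_host)
    )
    if on_payload_host and target_host != origin_host:
        return "offsite"
    if payload_host in location.lower():
        return "reflected"
    return "none"


# Constructed samples: (request URL, Location value, payload host)
SAMPLES = [
    ("https://site.com/redirect?url=example.com",
     "https://site.com/example.com", "example.com"),
    ("https://site.com/redirect?url=//example.com",
     "//example.com", "example.com"),
    ("https://site.com/redirect?url=example.com",
     "/home", "example.com"),
]

if __name__ == "__main__":
    for req, loc, host in SAMPLES:
        print(f"{classify_location(req, loc, host):<9} Location: {loc}")
```

Only the "offsite" result corresponds to a redirect that actually leaves the site; "reflected" is the false-positive case described above.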