Posts

Featured

Open Redirect Vulnerability: Exploitation, Prevention & Real-World Examples

Basic info — Open Redirect

Open Redirect (also known as Unvalidated Redirects and Forwards) occurs when a web application accepts user-supplied input and redirects the user to an arbitrary URL without proper validation.

How to find entry points to test?

Burp Proxy history & Burp Sitemap (look at URLs with parameters).
Google dorking, e.g.: inurl:redirectUrl=http site:target.com
Functionalities usually associated with redirects: Login, Logout, Register & Password reset pages (Change site language, Links in emails, Read JavaScript code).
Bruteforcing: look for hidden redirect parameters, e.g.:
/redirect?url={payload}&next={payload}&redirect={payload}&redir={payload}&rurl={payload}&redirect_uri={payload}
/?url={payload}&next={payload}&redirect={payload}&redir={payload}&rurl={payload}&redirect_uri={payload}

Responses to look for when fuzzing: HTTP redirect status codes 300 Multiple Choices, 301 Moved Permanently, 302 Found, 303 See Other, 30...

Latest Posts

🚀 The Power of OSINT: How Hackers & Investigators Gather Hidden Data! 🔍

Comprehensive CEH v13 Study Guide

How to Identify a Server’s Origin IP — And Why?