How Redirects work on Facebook? Technical breakdown
Recently I was been working on Facebook Whitehat program and I wanted to explain a bug which I found — OPEN REDIRECT
Hey, hope all are good. I’m Abhisek here
Disclaimer: This is for educational purposes only. I’m not in any way liable for any misuse.
When I was looking for low hanging bugs on Facebook, open redirect was the one which attracted me. So quickly launched Facebook and looked the requests sent during the process of redirection.
Request No-32, caught my eyes on Open redirection bug. Took the request URL and tried to change the destination from
You know what? Request succeeded and I was able to redirect from Facebook domain!!!!!
But wait what does Facebook Whitehat program says? Request to https://evilzone.org is only been accepted as open redirect. So tried to redirect to Evilzone site, but Facebook security Linkshim detected it was malicious and request did not pass.
Tried to bypass in different ways, Some of them are domain.evilzone.org, Domainevilzone.org, domain.org.evilzone.org, but none of them succeeded. Then I left this bug and worked on some other but I was unlucky. After some time link shortening caught my attention, as expected the redirect worked.
Again unlucky, Then after a long time. A small idea sparked on my head,
Why don’t I redirect using IP address? YES you know, I was able to redirect without any errors or defense. Finally Again reported!
After this response, Me
However it maybe, Consistency is very important in Bug Bounty and Cyber Security Field.
Byee, Hope you had a good read!