Open Redirect Scanner with Uber.com

Ak1T4
Oct 10, 2016 · 2 min read

Searching for dummies redirect :)

WTF is an open redirect scanner?

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access.

Reference: https://www.owasp.org/index.php/Open_redirect

The scanner:

While researching Uber I needed a tool that follows the trace of each request, showing the hops up to the final URL, so I could see whether a list of Uber domains could be forced to redirect to an external site. A few lines of Python were the best solution for this. Why is an open redirect dangerous? Because an attacker can send a URL that forces the user to a malicious site, executes evil scripts, or phishes sensitive data.

Here is an example video with the open redirect scanner tool:

The scanner finds an open redirect in an Uber subdomain and shows how it is forced to load the www.yahoo.com site:

The issue was reported, but Uber decided not to fix it because it was not considered a risk for its users.

How does it work?

The scanner shows a 303 (See Other) status code when the domain is vulnerable.

The attacks:

For example, this Uber domain is vulnerable to open redirect -> https://trip.uber.com/

We can send a user this evil URL with a payload -> https://trip.uber.com//yahoo.com/%2F.. and the user is redirected to the yahoo.com site. We can obfuscate the URL with any available encoding to trick the user.

The code:

Here is the Python code I wrote to follow the requests to their final destination and see whether the open redirect works. Basically the scanner loads a list of subdomains, appends a payload to each URL and watches where it goes.
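As an added example (not the author's script), the block below implements the approach described above: follow Location headers hop by hop without automatic redirects, resolve each one the way a browser would, and flag any host that leaves the trusted domain. The HTTP transport is injected as a callable so the logic runs offline against constructed responses; all host names ending in .example are placeholders, and the last function shows the server-side check that closes this class of redirect.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def trace_redirects(start_url, fetch, max_hops=10):
    """Follow Location headers manually. `fetch(url)` returns (status, location);
    a live transport would be requests.get(url, allow_redirects=False) and
    (r.status_code, r.headers.get("Location")). Returns [(status, resolved_url)]."""
    chain, url = [], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            chain.append((status, url))
            break
        # Location may be relative or scheme-relative ("//host/"); browsers resolve
        # it against the current URL, so the scanner must do the same to see the hop.
        url = urljoin(url, location)
        chain.append((status, url))
    return chain

def leaves_domain(chain, trusted_suffix):
    """True if any hop lands on a host outside trusted_suffix."""
    return any(host_of(u) != trusted_suffix and not host_of(u).endswith("." + trusted_suffix)
               for _, u in chain)

# Constructed responses (placeholders, not real hosts): one subdomain normalises the
# payload into a scheme-relative Location, the other redirects back to its own root.
FAKE_RESPONSES = {
    "https://trip.corp.example//external.example/%2F..": (303, "//external.example/"),
    "https://external.example/": (200, None),
    "https://www.corp.example//external.example/%2F..": (302, "/"),
    "https://www.corp.example/": (200, None),
}

def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, None))

def scan(subdomains, payload, trusted_suffix, fetch=fake_fetch):
    """Append the payload to each subdomain; map subdomain -> escaped?"""
    return {sub: leaves_domain(trace_redirects("https://" + sub + payload, fetch), trusted_suffix)
            for sub in subdomains}

def is_safe_local_redirect(target, base="https://trip.corp.example/"):
    """Server-side mitigation: accept only targets that resolve to our own host.
    Backslashes are normalised first because browsers treat them as slashes."""
    resolved = urljoin(base, target.replace("\\", "/"))
    return host_of(resolved) == host_of(base)
```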

Enjoy and Happy Hacking! :)

Regards,

Ak1T4

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Written by

Ak1T4

WhiteHat Hacker Zen Monk & Bounty Hunter