Working with OpenRedireX Tool on Kali Linux OS

Example 1: For a single URL

python3 openredirex.py -u "https://www.w3wiki.org/computer-science-projects/?ref=FUZZ" -p payloads.txt --keyword FUZZ

In this example, we test the URL w3wiki.org/computer-science-projects/?ref=FUZZ for the Open Redirection vulnerability. We pass the payload list with -p and use --keyword to name the placeholder (FUZZ) where each payload is inserted. Because w3wiki.org is a secured domain, the tool did not detect any suspected query.

python3 openredirex.py -u "http://192.168.1.10/xvwa/vulnerabilities/redirect/redirect.php?forward=FUZZ" -p payloads.txt --keyword FUZZ

1. In this example, we test XVWA (a deliberately vulnerable web application) for Open Redirection. We pass the payload list and the keyword that marks where the payloads are inserted.

2. The tool returns its results, listing the suspected URLs that are vulnerable to Open Redirection.

3. When we open one of the vulnerable URLs, we are automatically redirected to the google.com domain.

Example 2: For List of URLs 

python3 openredirex.py -l urls.txt -p payloads.txt --keyword FUZZ

1. In this example, we test multiple URLs for Open Redirection at the same time. The list of URLs is passed with the -l option and the payload list with the -p option.

2. The tool returns the URLs that are suspected to be vulnerable to Open Redirection.



OpenRedireX – Open Redirection Vulnerability Finder Tool in Linux

Open redirect is a security defect in an app or a web page that causes it to fail to properly validate URLs. When apps and web pages receive requests containing URLs, they are supposed to verify that those URLs are part of the expected page's domain. Testing a web application for Open Redirection manually is very difficult, so we need an automated script that makes the task easier and saves the penetration tester's time. OpenRedireX is an automated script written in Python that tests a single URL or multiple URLs for the Open Redirection vulnerability by inserting open redirection payloads into the URL parameter and analyzing the response from the server. OpenRedireX ships with a payload list that can be customized, and it also lets users supply their own payload list. The OpenRedireX tool is open-source and free to use.
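The check described above (confirming that a redirect target belongs to the expected domain) can be sketched as follows. This is an added example, not code from OpenRedireX or XVWA; the allowlisted host app.example.com, the function names and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: hosts the application may redirect to.
ALLOWED_HOSTS = frozenset({"app.example.com"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only same-site absolute paths or http(s) URLs on an allowlisted host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and silently drop tab/CR/LF, so reject them outright.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unbalanced "[" in the host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: require one leading slash ("//host" is scheme-relative).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lowercased and excludes userinfo and port, so
    # "https://app.example.com@other.example/" is judged on "other.example".
    return parts.hostname in allowed_hosts


def resolve_redirect(target, default="/"):
    """Return the target if it passes validation, otherwise a fixed fallback."""
    return target if is_safe_redirect(target) else default


# Constructed sample values for a redirect parameter such as "ref" or "forward".
SAMPLES = [
    "/dashboard?tab=1",
    "https://APP.example.com/home",
    "https://other.example/",
    "//other.example/",
    "https://app.example.com@other.example/",
    "https://app.example.com.other.example/",
    "https:other.example",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {resolve_redirect(sample)!r}")
```

Only the first two samples are returned unchanged; every other target falls back to "/".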

Note: Make sure you have Python installed on your system, as this is a Python-based tool.
