# Open Redirect

### Open Redirect

#### Description

Open Redirect occurs when a web application takes a destination URL from untrusted input (typically a query parameter such as `url`) and sends the user there in a `Location` header without validating the destination. Because the link the victim clicks starts at the trusted domain, it is a reliable phishing primitive and erodes user trust in the application.

#### Example with Scenario

**Scenario:** A web application uses a URL parameter to redirect users after login. An attacker crafts a link to the legitimate login page with that parameter pointing at a phishing site; the victim sees the trusted domain, logs in, and is then redirected to the attacker's page.

#### Payloads and Test Cases

**Payloads**

1. **Basic Open Redirect:**

   ```
   /redirect?url=http://malicious.com
   ```
2. **URL Encoding:**

   ```
   /redirect?url=http%3A%2F%2Fmalicious.com
   ```
3. **Scheme-relative (protocol-relative) URL:**

   ```
   /redirect?url=//malicious.com
   ```

**Test Cases**

Each test sends the payload with redirects disabled and inspects the `Location` header, so the tester sees exactly what the server emits rather than where a client ends up. `https://target.example` is a placeholder for the application under test.

1. **Basic Open Redirect:**
   * **Payload:**

     ```
     /redirect?url=http://malicious.com
     ```
   * **Test Case:**

     ```python
     import requests
     # Send payload to the server without following the redirect (target host is a placeholder)
     r = requests.get("https://target.example/redirect?url=http://malicious.com", allow_redirects=False)
     # Verify if the application redirects to the malicious URL
     assert r.status_code in (301, 302, 303, 307, 308)
     assert r.headers.get("Location", "").startswith("http://malicious.com")
     ```
2. **URL Encoding:**
   * **Payload:**

     ```
     /redirect?url=http%3A%2F%2Fmalicious.com
     ```
   * **Test Case:**

     ```python
     import requests
     # Send payload to the server without following the redirect; the server decodes the
     # query string, so a filter applied before decoding never sees the literal "http://"
     r = requests.get("https://target.example/redirect?url=http%3A%2F%2Fmalicious.com", allow_redirects=False)
     # Verify if the application redirects to the decoded malicious URL
     assert r.status_code in (301, 302, 303, 307, 308)
     assert r.headers.get("Location", "").startswith("http://malicious.com")
     ```
3. **Scheme-relative (protocol-relative) URL:**
   * **Payload:**

     ```
     /redirect?url=//malicious.com
     ```
   * **Test Case:**

     ```python
     import requests
     from urllib.parse import urlsplit
     # Send payload to the server without following the redirect (target host is a placeholder)
     r = requests.get("https://target.example/redirect?url=//malicious.com", allow_redirects=False)
     # Verify if the application redirects to the malicious host: a scheme-relative Location
     # (//malicious.com) is resolved by the browser against the current scheme, i.e. https://malicious.com
     assert r.status_code in (301, 302, 303, 307, 308)
     assert urlsplit(r.headers.get("Location", "")).hostname == "malicious.com"
     ```
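The checks above read the raw `Location` value. Browsers resolve that value with rules Python's `urljoin` does not follow: in `http(s)` URLs a backslash is treated as a slash and any run of slashes before the authority collapses, so `/\malicious.com` and `///malicious.com` both land on `malicious.com`. The script below is an added example written for this page (not the playbook's own code) that resolves `Location` the way a browser will, classifies constructed sample responses offline, and includes a `probe`/`scan` pair for live use against a target you are authorised to test. `https://target.example`, the `url` parameter name and the function names are assumptions; `malicious.com` is the page's own placeholder.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def browser_resolve(page_url: str, location: str) -> str:
    """Resolve a Location header the way a browser does, not the way urljoin does.
    Browsers treat backslash as slash in http(s) URLs and ignore extra slashes
    before the authority, so /\\host and ///host both mean //host."""
    loc = location.strip().replace("\\", "/")
    if re.match(r"^/{2,}", loc):
        loc = "//" + loc.lstrip("/")
    return urljoin(page_url, loc)


def is_open_redirect(page_url: str, status: int, location, attacker_host: str) -> bool:
    """True if this response would send the browser to attacker_host."""
    if status not in REDIRECT_CODES or not location:
        return False
    return urlsplit(browser_resolve(page_url, location)).hostname == attacker_host


class _NoFollow(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for a 3xx instead of following it.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url: str):
    """Fetch url once without following redirects; return (status, Location or None)."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")


# The page's payloads plus the slash/backslash variants that a filter which only
# blocks a leading "//" would miss.
PAYLOADS = [
    "http://malicious.com",
    "http%3A%2F%2Fmalicious.com",
    "//malicious.com",
    "///malicious.com",
    "/\\malicious.com",
    "\\\\malicious.com",
]


def scan(base: str, param: str = "url", attacker_host: str = "malicious.com"):
    """Request base?param=<payload> for each payload; return those that redirect off-site."""
    hits = []
    for p in PAYLOADS:
        url = f"{base}?{param}={p}"  # placeholder endpoint layout, an assumption
        status, location = probe(url)
        if is_open_redirect(url, status, location, attacker_host):
            hits.append((p, status, location))
    return hits


# Constructed sample responses (not captured from any real site) showing what each
# Location value means to the browser when the redirecting page is served over https.
SAMPLE_RESPONSES = [
    (302, "http://malicious.com"),            # absolute: open redirect
    (302, "//malicious.com"),                 # scheme-relative: open redirect
    (302, "///malicious.com"),                # extra slashes: still malicious.com in a browser
    (302, "/\\malicious.com"),                # backslash: still malicious.com in a browser
    (302, "http%3A%2F%2Fmalicious.com"),      # server did not decode: becomes a same-site path
    (302, "/dashboard"),                      # same-site path: safe
    (200, None),                              # no redirect at all
]

if __name__ == "__main__":
    page = "https://target.example/redirect"  # placeholder target
    for status, loc in SAMPLE_RESPONSES:
        print(status, loc, "->", is_open_redirect(page, status, loc, "malicious.com"))
    # Live use, only against hosts you are authorised to test:
    # print(scan("https://target.example/redirect"))
```

The encoded payload is listed deliberately: it only triggers a redirect when the server decodes the query string before building `Location`; if the encoded form is copied through verbatim, the browser treats it as a path on the current host, which the classifier reports as not exploitable.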

#### Mitigation

1. **Allowlist (whitelist) redirect targets:**
   * Maintain an allowlist of hosts the application may redirect to, or better, accept only a named destination that the server maps to a fixed URL.
   * Reject anything that does not match and fall back to a safe default; never fall back to the user-supplied value.
2. **URL Validation:**
   * Parse the parameter with a real URL parser and compare the parsed host against the allowlist. `startswith`/`contains` checks are defeated by forms such as `https://trusted.example.evil.com` and `https://trusted.example@evil.com`.
   * Reject scheme-relative (`//host`) and backslash (`/\host`) forms, and any scheme other than `http(s)` (for example `javascript:`).
3. **Use Relative URLs:**
   * For internal redirection accept only a path that starts with a single `/` (not `//` or `/\`), or build the target from a server-side mapping rather than from user input.
   * Never place user-supplied input directly in the `Location` header.
4. **Security Headers:**
   * Content Security Policy (CSP) restricts the resources a page may load and X-Frame-Options prevents clickjacking; both are worth setting, but neither stops an open redirect. A 3xx `Location` redirect is followed by the browser before any CSP on the destination page applies, so these headers are defense in depth only and do not replace the validation above.
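The vulnerable pattern beside a validator that applies the rules above, as an added example written for this page (not the playbook's own code and not any framework's API). `ALLOWED_HOSTS`, the function names and the fallback path are assumptions; the hardened function is framework-agnostic, so its return value is what a handler would place in the `Location` header.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts this application may redirect to (placeholder names, an assumption for the example).
ALLOWED_HOSTS = frozenset({"app.example", "accounts.example"})
FALLBACK = "/"


def vulnerable_redirect_target(url_param: str) -> str:
    """The pattern that causes Open Redirect: the user-controlled parameter goes
    straight into the Location header, whatever it contains."""
    return url_param


def safe_redirect_target(url_param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK) -> str:
    """Return url_param only if it is a same-site path or an https URL to an
    allowlisted host; otherwise return fallback. Rejects the bypasses a tester
    would try: //host, ///host, /\\host, javascript:, user@host, CRLF injection."""
    if not isinstance(url_param, str) or not url_param:
        return fallback
    # Control characters and surrounding whitespace are checked on the raw value:
    # Python's urlsplit silently strips \t \r \n, which would hide a header-injection
    # attempt or a bypass from the checks below.
    if not url_param.isprintable() or url_param != url_param.strip():
        return fallback
    # Browsers treat backslash as a slash in http(s) URLs: /\evil.com == //evil.com.
    if "\\" in url_param:
        return fallback
    try:
        parts = urlsplit(url_param)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target. Require exactly one leading slash: //host is scheme-relative,
        # and ///host is also resolved to host by browsers (the WHATWG parser ignores
        # extra slashes before the authority) even though urlsplit calls it a path.
        if url_param.startswith("/") and not url_param.startswith("//"):
            return url_param
        return fallback
    # Absolute target: https only, no credentials, host on the allowlist.
    # (https://app.example@evil.com parses with hostname evil.com, but be explicit.)
    if parts.scheme != "https" or parts.username is not None or parts.password is not None:
        return fallback
    if parts.hostname not in allowed_hosts:
        return fallback
    # Rebuild from parsed parts so the emitted Location is canonical.
    return urlunsplit(("https", parts.netloc, parts.path or "/", parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs showing the contrast between the two functions.
    for candidate in ["/dashboard", "//evil.com", "///evil.com", "/\\evil.com",
                      "javascript:alert(1)", "https://app.example@evil.com/",
                      "https://app.example/dash?x=1", "/a\r\nSet-Cookie: x=y"]:
        print(repr(candidate), "->", repr(vulnerable_redirect_target(candidate)),
              "| hardened:", repr(safe_redirect_target(candidate)))
```

Allowing a same-site path means `/login?next=//evil.com` is accepted, which is fine as long as the handler for `/login` runs its own `next` value through the same validator; the rule is that every redirect decision passes through this function, not only the first one.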


