# Open Redirect

### Open Redirect

#### Description

Open Redirect occurs when a web application allows untrusted input to redirect users to external URLs without proper validation. This can lead to phishing attacks and loss of user trust.

#### Example with Scenario

**Scenario:** A web application uses a URL parameter to redirect users after login. An attacker can craft a malicious URL that redirects users to a phishing site.

#### Payloads and Test Cases

**Payloads**

1. **Basic Open Redirect:**

   ```
   /redirect?url=http://malicious.com
   ```
2. **URL Encoding:**

   ```
   /redirect?url=http%3A%2F%2Fmalicious.com
   ```
3. **Relative Path:**

   ```
   /redirect?url=//malicious.com
   ```

**Test Cases**

1. **Basic Open Redirect:**
   * **Payload:**

     ```
     /redirect?url=http://malicious.com
     ```
   * **Test Case:**

     ```python
     # Send payload to the server
     sendPayloadToServer("/redirect?url=http://malicious.com")
     # Verify if the application redirects to the malicious URL
     checkRedirection("http://malicious.com")
     ```
2. **URL Encoding:**
   * **Payload:**

     ```
     /redirect?url=http%3A%2F%2Fmalicious.com
     ```
   * **Test Case:**

     ```python
     # Send payload to the server
     sendPayloadToServer("/redirect?url=http%3A%2F%2Fmalicious.com")
     # Verify if the application redirects to the malicious URL
     checkRedirection("http://malicious.com")
     ```
3. **Relative Path:**
   * **Payload:**

     ```
     /redirect?url=//malicious.com
     ```
   * **Test Case:**

     ```python
     # Send payload to the server
     sendPayloadToServer("/redirect?url=//malicious.com")
     # Verify if the application redirects to the malicious URL
     checkRedirection("http://malicious.com")
     ```

#### Mitigation

1. **Whitelist URLs:**
   * Implement a whitelist of allowed URLs for redirection.
   * Ensure that only trusted URLs are allowed for redirection.
2. **URL Validation:**
   * Validate the URL parameter to ensure it points to a trusted domain.
   * Reject any URL that does not match the allowed patterns.
3. **Use Relative URLs:**
   * Use relative URLs for internal redirection to prevent external redirects.
   * Avoid using user-supplied input directly in redirection logic.
4. **Security Headers:**
   * Implement security headers like Content Security Policy (CSP) to restrict loading of external resources.
   * Use X-Frame-Options to prevent clickjacking attacks.