URL REDIRECTION


01 Basic (Clear Text)
02 Encoding (Normal/Hex/Multilevel)
03 Base64
04 Hashing
05 Salt


A redirect automatically sends a website's visitors to a different location or URL. The destination can be another page within the same site or an entirely different site.

Insecure redirects and forwards occur when a web application accepts untrusted input and uses it to redirect the request to a URL contained in that untrusted, unvalidated input. This type of redirection is also called unvalidated redirection (commonly known as an open redirect).

** Basic Redirection:

The image below shows the redirection link (highlighted), which carries the target in clear text: 192.168.93.156/redirect/01-redirect/re.php?url=http://www.hackingarticles.in

The page redirects to http://www.hackingarticles.in

This is the simplest form of redirection: a PHP script sends the visitor from one page to another without applying any security check to the url parameter.

** URL Encoding:

The image below shows the redirection link (highlighted), which again carries the target in clear text: 192.168.93.156/redirect/02-hex/re.php?url=http://www.hackingarticles.in


Here we do not change the redirect target; instead we use simple URL encoding. The URL is sent in URL-encoded form and is decoded by the script running on the redirecting PHP page (re.php in this case).

Any online or offline tool can be used to compute the URL-encoded value. In this case we use http://www.meyerweb.com and Burp Suite's Decoder.


The original link is:

192.168.93.156/redirect/02-hex/re.php?url=http://www.hackingarticles.in

URL-encoding the url parameter gives the link below, which lands on the same page:
192.168.93.156/redirect/02-hex/re.php?url=http%3A%2F%2Fwww.hackingarticles.in

** HEX Encoding:

Here we convert the redirection URL into its hexadecimal form, with every character percent-encoded, using Burp Suite's Decoder.

The single hex-encoded value of http://www.hackingarticles.in is:
%68%74%74%70%3a%2f%2f%77%77%77%2e%68%61%63%6b%69%6e%67%61%72%74%69%63%6c%65%73%2e%69%6e

** Multilevel Encoding:

In multilevel encoding we re-encode the already-encoded value, so each % of the previous layer itself becomes %25.


The double-encoded value of http://www.hackingarticles.in is:
%25%36%38%25%37%34%25%37%34%25%37%30%25%33%61%25%32%66%25%32%66%25%37%37%25%37%37%25%37%37%25%32%65%25%36%38%25%36%31%25%36%33%25%36%62%25%36%39%25%36%65%25%36%37%25%36%31%25%37%32%25%37%34%25%36%39%25%36%33%25%36%63%25%36%35%25%37%33%25%32%65%25%36%39%25%36%65

This also lands on the same page.

** Base 64 Encoded Redirection:

The image below shows the redirection link, whose url parameter is Base64 encoded (the trailing %3D is the URL-encoded = padding):
http://192.168.93.156/redirect/03-base64/re.php?url=aHR0cDovL3d3dy5oYWNraW5nYXJ0aWNsZXMuaW4%3D


To redirect to a different site, for example http://google.com, we replace the Base64 value of http://www.hackingarticles.in with the Base64 value of http://google.com, changing the link from


http://192.168.93.156/redirect/03-base64/re.php?url=aHR0cDovL3d3dy5oYWNraW5nYXJ0aWNsZXMuaW4%3D

to

http://192.168.93.156/redirect/03-base64/re.php?url=aHR0cDovL2dvb2dsZS5jb20=

The page now lands on http://google.com as expected.

** Redirection using Hash Values:

Next we cover a more secure form of redirection that uses hashing.

The image below shows the redirection link and the site:


http://192.168.93.156/redirect/04-hashing/re.php?url=http://www.hackingarticles.in&hash=8258c1efb05943d059476150cb22df1d

The redirection link carries not only the target URL as a parameter but also a hash of it, computed with MD5, SHA1, SHA512 or any other hashing algorithm. The redirect works only if the URL and its hash value match; otherwise it fails.

For clarity, our redirection link exposes the URL and hash parameters. In real development, developers hide these details so that an attacker cannot easily tell where the page redirects.

For this exercise we use the HashCalc hash calculator tool.

The MD5 hash of http://www.hackingarticles.in is 8258c1efb05943d059476150cb22df1d



To test the check, we change the hash value from 8258c1efb05943d059476150cb22df1d to 9258c1efb05943d059476150cb22df1d


The screenshot above shows that the URL and hash value no longer match, so the redirect does not happen.

** Redirection using Hash Values with Salting:

To further strengthen the redirection URL we introduce salting. A salt is an extra value combined with the URL before hashing; it can be any string of letters, digits, special characters or anything else the developer defines.

The salt may be placed before or after the URL, at the developer's discretion.

In our example, the redirection URL with salting and hashing is:
http://192.168.93.156/redirect/05-salt/re.php?url=http://www.hackingarticles.in&salt=black&hash=1c175b02baf8cf857523fdfe6c2d7645

When we click the link, the redirection script in re.php takes the passed URL, prepends the salt value (black) and generates the hash (we are using the SHA1 algorithm), then compares it with the hash sent in the request. The link takes us to the redirection page only if both values match.

The SHA1 hash of http://www.hackingarticles.in{black} is 1c175b02baf8cf857523fdfe6c2d7645
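The decoding and hash checks that re.php performs in sections 02 to 05, written as an added Python example (not the page's PHP script): it strips single, hex and multilevel percent-encoding, decodes the Base64 variant, reproduces the unkeyed hash and salt check, and then shows the hardened form a defender would want, an allowlist of hosts plus an HMAC tag computed with a key the client never sees. ALLOWED_HOSTS, SERVER_KEY and all function names are assumptions constructed for this example; the salt is prepended as the text describes.

```python
import base64
import hashlib
import hmac
from urllib.parse import unquote, urlparse

# Constructed sample values taken from the page's five re.php variants.
PLAIN = "http://www.hackingarticles.in"
SINGLE_HEX = "%68%74%74%70%3a%2f%2f%77%77%77%2e%68%61%63%6b%69%6e%67%61%72%74%69%63%6c%65%73%2e%69%6e"
DOUBLE_HEX = ("%25%36%38%25%37%34%25%37%34%25%37%30%25%33%61%25%32%66%25%32%66%25%37%37%25%37%37%25%37%37"
              "%25%32%65%25%36%38%25%36%31%25%36%33%25%36%62%25%36%39%25%36%65%25%36%37%25%36%31%25%37%32"
              "%25%37%34%25%36%39%25%36%33%25%36%63%25%36%35%25%37%33%25%32%65%25%36%39%25%36%65")
B64 = "aHR0cDovL3d3dy5oYWNraW5nYXJ0aWNsZXMuaW4%3D"
ALLOWED_HOSTS = {"www.hackingarticles.in"}      # assumed allowlist, kept server-side
SERVER_KEY = b"assumed-server-side-secret-key"  # assumed; never sent to clients


def decode_percent(value, max_rounds=5):
    """Undo normal, hex or multilevel percent-encoding (variant 02).
    Decoding repeats until the string stops changing, so every check below
    sees the same URL the redirect would actually use, not an encoded alias."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many encoding layers")


def decode_base64_param(value):
    """Variant 03: a URL-encoded Base64 parameter ('%3D' is the '=' padding)."""
    return base64.b64decode(decode_percent(value), validate=True).decode()


def unkeyed_hash(url, salt="", algo="md5"):
    """Variants 04/05: digest over salt + url, salt prepended as the text says.
    Every input here is visible in the request, so anyone can recompute it."""
    return hashlib.new(algo, (salt + url).encode()).hexdigest()


def unkeyed_check(url, given_hash, salt="", algo="md5"):
    return hmac.compare_digest(unkeyed_hash(url, salt, algo), given_hash)


def keyed_tag(url):
    """Hardened form: an HMAC over the URL with a key only the server holds."""
    return hmac.new(SERVER_KEY, url.encode(), hashlib.sha256).hexdigest()


def safe_redirect_target(raw_param, tag):
    """Return the decoded target only if its host is allow-listed and the
    keyed tag matches; otherwise None, and the caller must not redirect."""
    url = decode_percent(raw_param)
    if urlparse(url).hostname not in ALLOWED_HOSTS or not hmac.compare_digest(keyed_tag(url), tag):
        return None
    return url
```

Because the salt and the algorithm travel in the request, the unkeyed check only catches accidental corruption of the link; a keyed tag and a host allowlist are what actually stop the target from being swapped.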





If the values do not match, the output below is what we get: