Tuesday, May 15, 2012

Control HTTP redirects with NoRedirect

Web application technologies were designed and developed to share documents between trusted user groups. The advent and growth of the Internet brought them to a much larger scale. Security that is now being integrated into an already developed infrastructure can't be foolproof all the time.

The NoRedirect add-on is a must-have tool if you are into web application penetration testing. As with any other exploit, the level of impact is limited only by your imagination. HTTP redirects are used for redirecting users from one page to another, for various reasons. For example, if the user does not have permission to access a particular page, it redirects to a login page. The origin page might hold confidential information, configuration details, or it might be an administrative web page.

Usage of this tool is very simple: all you have to do is make a rule. For example, if you want to disable all HTTP redirects on getmantra.com, you can do it by adding the following rule to the NoRedirect tool:

^http://getmantra.com/

You can see a video below where the NoRedirect extension is used to access the administrative page of a popular Content Management System.

On the video page you can get the links to the vulnerable application so that you can try it yourself. From now on, make this test an essential part of your security auditing.
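The weakness NoRedirect exposes is a server that decides "redirect to login" but still writes the protected page into the body of the 3xx response; a client that simply ignores the Location header (which is all the add-on does) then reads that body. The following Python script is an added example, not part of this post or of the NoRedirect add-on. It spins up two tiny local servers (a leaky one and a hardened one; both are constructed samples), fetches the protected path the way a redirect-blocking browser would, and reports whether the redirect response leaks page content. The admin page, the cookie name and the "<h1>" marker are assumptions made for the demo.

```python
"""Audit check for a 'redirect that still carries the page' bug.

A 3xx status is only a hint to the client. If the server writes the
protected page into the body of that response, any client that declines
to follow the Location header receives the page anyway, which is exactly
what a redirect-blocking add-on lets the tester do.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample content standing in for a real admin page.
ADMIN_PAGE = b"<h1>Admin panel</h1><p>db_password=constructed-sample</p>"


class LeakyHandler(BaseHTTPRequestHandler):
    """Deliberately flawed: redirects unauthenticated users but still sends the page."""

    def do_GET(self):
        if self.path == "/admin" and "session=valid" not in self.headers.get("Cookie", ""):
            self.send_response(302)
            self.send_header("Location", "/login")
            self.send_header("Content-Length", str(len(ADMIN_PAGE)))
            self.end_headers()
            self.wfile.write(ADMIN_PAGE)  # the bug: page body travels with the redirect
            return
        self._send_page()

    def _send_page(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(ADMIN_PAGE)))
        self.end_headers()
        self.wfile.write(ADMIN_PAGE)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(LeakyHandler):
    """Fixed: the authorization decision ends the response before any content is produced."""

    def do_GET(self):
        if self.path == "/admin" and "session=valid" not in self.headers.get("Cookie", ""):
            self.send_response(302)
            self.send_header("Location", "/login")
            self.send_header("Content-Length", "0")
            self.end_headers()  # empty body: nothing to read if the redirect is ignored
            return
        self._send_page()


def start_server(handler):
    """Bind a local server on a free port and serve it from a background thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_without_following(host, port, path):
    """Return (status, body) of the first response, never following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def redirect_leaks_content(host, port, path, marker=b"<h1>"):
    """True when a 3xx response carries a body that looks like a real page."""
    status, body = fetch_without_following(host, port, path)
    return 300 <= status < 400 and marker in body


def run_demo():
    """Run the check against both servers; returns {'leaky': True, 'hardened': False}."""
    results = {}
    for name, handler in (("leaky", LeakyHandler), ("hardened", HardenedHandler)):
        srv = start_server(handler)
        host, port = srv.server_address
        results[name] = redirect_leaks_content(host, port, "/admin")
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The fix on the server side is the `HardenedHandler` pattern: make the access decision first and return a redirect (or a plain 401/403) with an empty body, so there is nothing left to read when the client refuses to follow it. `redirect_leaks_content` is the same check the post recommends adding to an audit, expressed as something you can run against your own staging host instead of through a browser add-on.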

9 comments:

  1. IVR Plugin is a software package for producing Internet-based courses and web sites. It is a global development project designed ... visit site

  2. We are providing quality Java course training with low price in Chennai, Bangalore and Hyderabad. Java technology’s versatility, efficiency, platform portability, and security make it the ideal technology for network computing.


    java training in chennai

  3. Besant Technologies is a private limited Corporate Training companies in India registered under the Companies Act, 2011 having its registered office in Chennai, India. Android Training in Chennai |
    Android Training in Chennai |
    Android Training in Chennai |
    Android Training in Chennai |

  4. Very nice article...Thanks for sharing the best information...

    android and ios training in bangalore

  5. Really awesome blog. Your blog is really useful for me. Thanks for sharing this informative blog. Keep update your blog. Java Training in Chennai

  6. Thanks for your article on Android technology. Android is an open source platform that allows developers to create stunning website loaded with various advanced features and functionalities....Android Training in Bangalore

  7. I would like to thank you for the efforts you have made in writing this post.
    - trump twitter
