Exploiting OAuth for fun and profit
Now that we've learned about different OAuth mechanisms, let's go straight to exploitation techniques.
Open redirect – the malformed URL
Let's say we're doing a phishing/client-side browser exploitation as a part of a penetration test engagement for an organization. Our exploit page is located at http://exploit.example.com/
and they really trust some known websites. In this example, we consider a trusted website to be http://trusted.com
.
Simply speaking, if we give the exploit link directly to the users, they may not click it, but a www.trusted.com
link will have better chances of getting a hit. That's what open-redirect is all about; redirecting the user from www.trusted.com
to exploit.example.com
will perform ...
Get Mastering Modern Web Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.