Exploiting OAuth for fun and profit

Now that we've learned about different OAuth mechanisms, let's go straight to exploitation techniques.

Open redirect – the malformed URL

Let's say we're doing phishing or client-side browser exploitation as part of a penetration testing engagement for an organization. Our exploit page is located at http://exploit.example.com/, and the organization's users really trust some well-known websites. In this example, we consider the trusted website to be http://trusted.com.

Simply put, if we give the exploit link directly to the users, they may not click it, but a www.trusted.com link has a better chance of getting a hit. That's what an open redirect is all about; redirecting the user from www.trusted.com to exploit.example.com will perform ...
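From the defending side, the trusted site closes this hole by resolving the redirect parameter the way a browser would and accepting only its own origins. The following is an added example, not code from the book; `ALLOWED_ORIGINS`, `BASE`, `FALLBACK` and `safeRedirectTarget` are hypothetical names, and the origin list is an assumption built from the host names used above.

```javascript
// Added example: strict validation of a user-supplied redirect target.
// Assumption: the site serves only these origins (constructed from the text).
const ALLOWED_ORIGINS = new Set([
  "http://trusted.com",
  "http://www.trusted.com",
  "https://trusted.com",
  "https://www.trusted.com",
]);
const BASE = "http://www.trusted.com/"; // relative targets resolve against this
const FALLBACK = "http://www.trusted.com/"; // used whenever validation fails

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Control characters and backslashes are normalised differently by
  // different URL parsers, so refuse them before parsing at all.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve exactly as a browser would, including scheme-relative
    // ("//host/path") and path-only ("/account") forms.
    url = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }

  // Embedded credentials ("http://a@b/") make the real host easy to misread.
  if (url.username !== "" || url.password !== "") return FALLBACK;

  // Compare the whole origin (scheme + host + port), never a prefix or
  // substring of the raw string.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;

  return url.href;
}
```

Prefix or substring checks such as `raw.startsWith("http://www.trusted.com")` fail on the look-alike forms rejected here, which is why the comparison is made on the parsed origin.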
