- Navigate to OWASP 2013 | A10 – Unvalidated Redirects and Forwards | Credits:
- Click the ISSA Kentuckiana link available on the Credits page:
- Switch to the Burp Proxy HTTP history tab, and find your request to the Credits page. Note that there are two query string parameters: page and forwardurl. What would happen if we manipulated the URL where the user is sent?
- Switch to the Burp Proxy Intercept tab. Turn Interceptor on ...