O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Exploiting OAuth for fun and profit

Now that we've learned about different OAuth mechanisms, let's go straight to exploitation techniques.

Open redirect – the malformed URL

Let's say we're doing a phishing/client-side browser exploitation as a part of a penetration test engagement for an organization. Our exploit page is located at http://exploit.example.com/ and they really trust some known websites. In this example, we consider a trusted website to be http://trusted.com.

Simply speaking, if we give the exploit link directly to the users, they may not click it, but a www.trusted.com link will have better chances of getting a hit. That's what open-redirect is all about; redirecting the user from www.trusted.com to exploit.example.com will perform ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required