Hey Folks, in this tutorial we are going to talk about an interesting tool called “Oralyzer” which will help us to identifying the open redirections vulnerability in the websites. It will automatically find the vulnerability by adding the vulnerable parameter.
Lets take a Look 🙂 !!
Installation
First we need to configured this tool and for this mission we will download from the github page by using the git tool.
1 | git clone https://github.com/0xNanda/Oralyzer.git |
After downloading, a directory will be created in the name of this tool in which we will have to go.
1 | cd Oralyzer/ |
We will give some chmod permission of the this tool.
1 | pip3 install -r requirements.txt |
It’s all done ! now we are ready to start this tool by using the python tool.
1 | python3 oralyzer.py |
Example
Take an example and try to find out the tool are work fine or not. For this mission we will use XVWA and bWAAP vulnerable web application.
Usage 🙂 python3 oralyzer.py -u < URL >
As you see it has identified the vulnerability of open redirection and has given us several types of payloads, with the help of which we can exploit the vulnerability.
Lets take another example and in this attempt we will give the vulnerable parameter of bWAAP application. Keep in mind you need to change the URL in your case.
Usage 🙂 python3 oralyzer.py -u < URL >
Finally it has again stood up to the challenge and successfully identified the vulnerability. Also it has more features that we can use to enhance our results.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.