Description
Add an HTTP engine check that tests for open redirect vulnerabilities. The scanner should try common redirect parameters with external URLs and check if the server follows them.
What to add
A new check function in src/engine/checks.rs that:
- Tries common redirect parameters: ?redirect=, ?next=, ?url=, ?return=, ?returnTo=
- Sets the value to https://evil.com
- Checks if the response is a 3xx redirect to that URL
- Creates a finding with VCVD ID VC-FE-005
Files to edit
src/engine/checks.rs — add check_open_redirects function
src/engine/mod.rs — wire it into quick_scan and full_scan
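The check logic described above, as an added, self-contained example that is not the project's own code: the Finding struct, the Response view, the fetch callback and the stub server are assumptions made here so the logic runs offline, and the real check_open_redirects would plug into the project's HTTP client and Finding type instead. The example matches the redirect host exactly rather than prefix-matching the Location header, so a redirect to a look-alike host such as evil.com.somewhere.test is not reported, and it accepts both absolute and scheme-relative (//evil.com) Location values, which is one step beyond the issue text.

```rust
// Added example (not the project's code). Constructed types and a stub fetcher
// stand in for the scanner's real HTTP client and Finding type.

/// Redirect parameters the issue asks the check to try.
const REDIRECT_PARAMS: [&str; 5] = ["redirect", "next", "url", "return", "returnTo"];
/// External URL injected into each parameter.
const PROBE_URL: &str = "https://evil.com";
/// Host the Location header must resolve to for a finding.
const PROBE_HOST: &str = "evil.com";

/// Assumed finding shape; the project's own Finding type would replace this.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub id: &'static str,
    pub url: String,
    pub param: &'static str,
    pub location: String,
}

/// Minimal view of an HTTP response: status code plus Location header (assumed shape).
pub struct Response {
    pub status: u16,
    pub location: Option<String>,
}

/// Percent-encode a query value (RFC 3986 unreserved characters pass through).
fn percent_encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        if b.is_ascii_alphanumeric() || b"-._~".contains(&b) {
            out.push(b as char);
        } else {
            out.push_str(&format!("%{b:02X}"));
        }
    }
    out
}

/// Build the probe URL for one parameter, appending to an existing query string if present.
pub fn build_probe_url(base: &str, param: &str) -> String {
    let sep = if base.contains('?') { '&' } else { '?' };
    format!("{base}{sep}{param}={}", percent_encode(PROBE_URL))
}

/// Extract the host from an absolute (`https://h/x`) or scheme-relative (`//h/x`) Location.
/// Relative paths such as `/login` yield None: they cannot leave the site.
fn redirect_host(location: &str) -> Option<String> {
    let rest = location
        .strip_prefix("https://")
        .or_else(|| location.strip_prefix("http://"))
        .or_else(|| location.strip_prefix("//"))?;
    // Authority ends at the first path, query or fragment delimiter.
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    let host_port = authority.rsplit('@').next()?; // drop userinfo
    let host = host_port.split(':').next()?; // drop port
    if host.is_empty() { None } else { Some(host.to_ascii_lowercase()) }
}

/// True when the response is a 3xx whose Location points at the probe host exactly.
pub fn redirects_to_probe(resp: &Response) -> bool {
    if !(300..400).contains(&resp.status) {
        return false;
    }
    match &resp.location {
        Some(loc) => redirect_host(loc).map_or(false, |h| h.eq_ignore_ascii_case(PROBE_HOST)),
        None => false,
    }
}

/// Run the open-redirect check against `target`, using a caller-supplied fetch
/// function (assumed interface) so the logic can be exercised without a network.
pub fn check_open_redirects<F>(target: &str, fetch: F) -> Vec<Finding>
where
    F: Fn(&str) -> Response,
{
    let mut findings = Vec::new();
    for param in REDIRECT_PARAMS {
        let probe = build_probe_url(target, param);
        let resp = fetch(&probe);
        if redirects_to_probe(&resp) {
            findings.push(Finding {
                id: "VC-FE-005",
                url: probe,
                param,
                location: resp.location.unwrap_or_default(),
            });
        }
    }
    findings
}

/// Constructed stub server: only `next` is vulnerable; `url` redirects to a same-site path.
pub fn stub_server(url: &str) -> Response {
    if url.contains("next=") {
        Response { status: 302, location: Some("https://evil.com/".into()) }
    } else if url.contains("url=") {
        Response { status: 302, location: Some("/login".into()) }
    } else {
        Response { status: 200, location: None }
    }
}

fn main() {
    for f in check_open_redirects("https://target.example/login", stub_server) {
        println!("{f:?}");
    }
}
```

With the stub above the check reports a single VC-FE-005 finding for the next parameter and nothing for url, because a redirect to a relative path never leaves the site. The fetch callback is the seam where the project's HTTP client would go; keeping redirect-following disabled on that client is what lets the 3xx and its Location header be observed at all.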