Working with Oralyzer Tool on Kali Linux OS

Example 1: Simple Scan Target

python3 oralyzer.py -u 'http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url='

1. In this example we test the bWAPP application's unvalidated redirect page for Open Redirection. The target URL, ending at the redirect parameter url=, is passed with the -u flag (quoted so the shell does not interpret the ? character).

2. The screenshot below shows the results: the tool appended its redirect payloads to the url= parameter, sent a request for each, and reported how the application responded to them.

3. Next we verify a finding manually by copying one of the reported payload URLs into a browser.

4. The browser is redirected to google.com, so the payload worked and the url= parameter is vulnerable to Open Redirection.

Example 2: Scan for CRLF Injection

python3 oralyzer.py -u 'http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url=' -crlf

1. In this example we test the same URL for CRLF Injection. CRLF injection occurs when an application writes attacker-controlled input containing a carriage return and line feed (\r\n, URL-encoded as %0d%0a) into an HTTP response header such as Location. Because CRLF terminates a header line, the attacker can append headers of their own (for example a Set-Cookie header) or even start the response body. The -crlf flag switches Oralyzer to this test.

2. The screenshot below shows the results of the CRLF test.

Example 3: Saving Output

python3 oralyzer.py -u 'http://127.0.0.1/bWAPP/bWAPP/unvalidated_redir_fwd_1.php?url=' > output.txt

1. In this example the results are saved to a text file for later use by redirecting the tool's standard output with the shell's > operator. Since > overwrites an existing file, use >> instead to append the output of further scans to the same file.

2. The screenshot below displays the contents of the saved file (output.txt).


Oralyzer: Linux Tool to Identify Open Redirection

Open Redirection is a web application vulnerability in which the application takes a URL from a request parameter and redirects the user to it without validating that the destination is one it intends to allow. A redirect parameter should only ever lead to locations within the application's own domain or to an explicit allowlist of trusted hosts; if any attacker-supplied URL is accepted, a link that starts at the trusted site can silently deliver the victim to a phishing page or malware download. Such flaws can be found manually by analyzing each redirect parameter and inserting payloads, but doing this across a whole application is slow, so an automated approach is more practical. Oralyzer is a fully automated, open-source tool written in Python that tests web applications for Open Redirection and for CRLF Injection. It also supports sending its requests through a proxy, using custom payloads, and extracting candidate URLs from the Wayback Machine. Oralyzer is free to use.
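The checks that prevent both flaws covered on this page are short, and they are easiest to understand when run against the kind of payloads a scanner like Oralyzer appends to a parameter such as url= in the examples above. The Python below is an added example written for this article, not Oralyzer's own code: the payload list is constructed for illustration and is not the tool's real payload set, and the trusted host 127.0.0.1 is an assumption taken from the bWAPP examples. It contrasts a typical broken redirect check with one that rejects foreign hosts, scheme-relative and backslash variants, userinfo tricks, non-HTTP schemes, and CR/LF sequences that would allow header injection.

```python
# Added example for this article: a redirect-target validator contrasted with a
# typical broken check, exercised against constructed payloads. This is not
# Oralyzer's code; the payloads and the trusted host are assumptions.
from urllib.parse import urlsplit, unquote

# Assumption: the application runs on the bWAPP host used in the examples above.
TRUSTED_HOSTS = {"127.0.0.1"}

# Constructed payloads in the style a scanner appends to a url= parameter.
# Illustrative only; this is not Oralyzer's real payload list.
REDIRECT_PAYLOADS = [
    "https://google.com",             # absolute URL to a foreign host
    "//google.com",                   # scheme-relative URL
    "///google.com",                  # urlsplit sees a path; browsers see a host
    "/\\google.com",                  # browsers normalise the backslash to '/'
    "https://127.0.0.1.google.com",   # trusted host as a prefix of the attacker's
    "https://127.0.0.1@google.com",   # trusted host hidden in the userinfo part
    "javascript:alert(1)",            # non-HTTP scheme
    "/portal/index.php",              # legitimate same-site path
    "https://127.0.0.1/portal/",      # legitimate absolute URL to the trusted host
]

# Constructed CRLF payloads: a URL-encoded and a raw CR LF pair, each followed
# by a header the attacker wants appended to the response.
CRLF_PAYLOADS = [
    "/portal%0d%0aSet-Cookie:%20session=attacker",
    "/portal\r\nSet-Cookie: session=attacker",
]


def naive_check(target, trusted_hosts=TRUSTED_HOSTS):
    """A typical broken check: 'paths are fine, and so is anything that
    mentions our host'. Shown only to contrast with is_safe_redirect()."""
    return target.startswith("/") or any(h in target for h in trusted_hosts)


def is_safe_redirect(target, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if target may be placed in a Location header."""
    # Decode once so %0d%0a is judged as the CR LF it becomes server-side.
    decoded = unquote(target)
    # Any control character (CR, LF, NUL, ...) could terminate the header line
    # and start an attacker-controlled one: reject outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    # Browsers treat '\' like '/' in URLs, so normalise before parsing.
    normalised = decoded.replace("\\", "/")
    parts = urlsplit(normalised)
    if not parts.scheme and not parts.netloc:
        # A same-site relative path: exactly one leading '/'. Two or more
        # leading slashes are read by a browser as a scheme-relative host.
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname strips userinfo and port, so 127.0.0.1@google.com -> google.com
    return parts.hostname in trusted_hosts


def check_payloads(payloads, validator=is_safe_redirect):
    """Return the payloads that the given validator would let through."""
    return [p for p in payloads if validator(p)]


if __name__ == "__main__":
    for name, validator in (("naive_check", naive_check),
                            ("is_safe_redirect", is_safe_redirect)):
        print(f"{name} accepts:")
        for p in check_payloads(REDIRECT_PAYLOADS + CRLF_PAYLOADS, validator):
            print("   ", repr(p))
```

Run it as a script to see which payloads each check lets through: the naive check accepts seven of the nine redirect payloads and both CRLF payloads, while the strict check accepts only the two legitimate same-host targets. Note that urlsplit treats ///google.com as a plain path although browsers navigate to google.com, which is why the relative-path branch rejects anything beginning with two slashes rather than trusting the parser alone.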

Note: Make sure Python is installed on your system, as this is a Python-based tool. For the installation process, see Python Installation Steps on Linux.
