How this template works
APIs Selection
The API selection filters in this template are used to filter the responses based on specific criteria. In this case, the filters check for a response code of 302 (redirect) and extract the value of the "location" header from the response.
Execute request
The execute section of the template defines the actions to be performed on the request. It modifies the query parameter, body parameter, and header of the request by replacing the value of the "location" key with a malicious URL constructed using the extracted value from the response. It also disables following redirects.
Validation
The validation section checks the response code and response headers of the modified request. It ensures that the response code is still 302 (redirect) and that the "location" header contains either "evil.com". This validates that the modification was successful and the redirection is happening as intended.
Frequently asked questions
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "
Security team,
Rippling
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable
