00 — Overview

Open Redirect

Learn how unvalidated redirect parameters let attackers redirect users to malicious sites — and how chaining with OAuth creates critical token theft.

Beginner·40 min·5 tasks

// By the end of this module

→Identify open redirect parameters in URL query strings

→Chain open redirects with OAuth flows to steal authorisation codes

→Bypass redirect validation using URL encoding and subdomain tricks

→Use open redirects as a stepping stone in phishing campaigns

// Prerequisites

Foundation · Beginner

45 min