Hey people, I hope you can help!

I wrote a PHP script that checks a website for SQL injection but recently came across a problem with redirection.

The problem is when the homepage is redirected with JavaScript or the meta tag.

It currently works if the status code received is 301 but obviously returns 200.

I need a way to get the new URL it redirects to.

e.g. 'http://example.com' is redirected to 'http://example.com/html/'; I need the URL of the new page, which is 'http://example.com/html/'.

The only option I could think of is to scan the code for JS or meta tag redirection, but I don't fancy that tbh.

Any help will be greatly appreciated ;D

Thanks


It's not my page redirecting, it's other websites. Sorry, I was in a rush typing; I'll try to be clearer.

Basically my script starts as a spider and gathers all page names and potentially vulnerable pages. When it starts, the script uses the input URL, but if the pages are redirected via a meta tag or JS the URL doesn't work. The page uses CURL to retrieve relevant page info but can't tell the page has been redirected unless the status code is 301.

I was wondering if there is a way, or if you have any ideas, how the script can tell the page has been redirected.

Sorry for the confusion

-L/--location

(HTTP/HTTPS) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code) this option will make curl redo the request on the new place. If used together with -i/--include or -I/--head, headers from all requested pages will be shown. When authentication is used, curl only sends its credentials to the initial host. If a redirect takes curl to a different host, it won't be able to intercept the user+password. See also --location-trusted on how to change this. You can limit the amount of redirects to follow by using the --max-redirs option.

When curl follows a redirect and the request is not a plain GET (for example POST or PUT), it will do the following request with a GET if the HTTP response was 301, 302, or 303. If the response code was any other 3xx code, curl will re-send the following request using the same unmodified method.

If this option is used twice, the second will again disable location following.

It's the term used by security professionals; it's a mere title. If anything, I guess it would be 'Ethical Exploiter'.

I shall see if a Linux version was created; otherwise someone will create one.

If the page is redirected with client-side scripting, the status code returned is 200. The script works perfectly when the status code returned is 301.

I assume you've read The Art of Deception: Controlling the Human Element of Security.

As for curl, I don't use it much, but does it return the page and not do the redirect (on a 200)? If so, then yes, you must parse the page for any appropriate tags. I'd do a full DOM traverse instead of a simple grep, because the page could be referring to code. Either which way the link address should be apparent even if not in an 'a href'...
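Added example, not code from any poster in this thread: it parses the body of a 200 response with DOMDocument, as the last reply suggests, finds a meta refresh redirect and resolves its target against the page URL. The function names, the sample HTML and the same-host check are assumptions made for illustration; JavaScript redirects are not covered, since finding them reliably means executing the script.

```php
<?php
// Added example: detect a <meta http-equiv="refresh"> redirect in a 200 page.

// Return the raw target of a meta refresh tag, or null if there is none.
function findMetaRefresh(string $html): ?string
{
    if (trim($html) === '') { return null; }   // loadHTML() rejects empty input
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);           // real-world HTML is rarely valid
    $doc->loadHTML($html);
    libxml_clear_errors();
    foreach ($doc->getElementsByTagName('meta') as $meta) {
        $isRefresh = strcasecmp(trim($meta->getAttribute('http-equiv')), 'refresh') === 0;
        // content looks like "0; url=/html/": a delay, then the target
        if ($isRefresh && preg_match('/^\s*\d+\s*[;,]\s*(?:url\s*=\s*)?["\']?([^"\']+)/i',
                                     $meta->getAttribute('content'), $m)) {
            return trim($m[1]);
        }
    }
    return null;
}

// Resolve $target against $base (simplified: "../" segments are not collapsed).
function resolveUrl(string $base, string $target): string
{
    if (is_string(parse_url($target, PHP_URL_SCHEME))) {
        return $target;                                  // already absolute
    }
    $b = parse_url($base);
    if (strncmp($target, '//', 2) === 0) {
        return $b['scheme'] . ':' . $target;             // protocol-relative
    }
    $origin = $b['scheme'] . '://' . $b['host'] . (isset($b['port']) ? ':' . $b['port'] : '');
    $path = $b['path'] ?? '/';
    return strncmp($target, '/', 1) === 0
        ? $origin . $target                              // root-relative
        : $origin . substr($path, 0, strrpos($path, '/') + 1) . $target;
}

// Constructed sample: body of a 200 response for http://example.com
$pageUrl = 'http://example.com';
$html = '<html><head><META HTTP-EQUIV="Refresh" CONTENT="0; URL=/html/"></head></html>';
$target = findMetaRefresh($html);
if ($target !== null) {
    $next = resolveUrl($pageUrl, $target);
    $same = strcasecmp((string) parse_url($next, PHP_URL_HOST), (string) parse_url($pageUrl, PHP_URL_HOST)) === 0;
    echo $next, $same ? " (same host)\n" : " (different host: check scope before following)\n";
}
```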
