Bypassing Authentication with the Firefox Addon NoRedirect

| Posted in Security Videos |



This is my first tutorial.

Enjoy.



Comments (4)

Unfortunately this kind of bypass won’t work in 99% of cases – apart from apps that are particularly badly designed or are designed to be vulnerable (such as the one in the video).

99% is an exaggerated figure. You’d be surprised at how many web apps this bypass works for, and NO! This particular web application was NOT designed to be vulnerable. It was a client’s webapp pentest I did, and being saddled with the responsibility of fixing the vulns, I had access to all the code. So what I just did was to replicate it locally on my system and also remove all front-end designs in a bid to cover the client’s identity (that is, after all permissions had been given by the client). 🙂

Hi, how do you identify the site with this vulnerability? Do all CMS-based sites have this vulnerability? What kind of vulnerability is this? Regards, GS

1. You can easily find out during the scanning stage. Use Nikto or DirBuster to find hidden directories/files and then use the "NoRedirect addon" to directly access it.

2. No.

3. It's called Direct page request or forced browsing.
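For anyone fixing this class of bug, here is an added example (not from the video or the client's code) of a regression check for it. It assumes the flaw is the common one where the server answers an unauthenticated request with a redirect to the login page but still renders the protected page in the response body, which is what a client that does not follow redirects gets to see; the app, the `/admin` path, the cookie value and the page content are all constructed.

```python
from wsgiref.util import setup_testing_defaults

ADMIN_PAGE = b"<h1>Admin panel</h1><p>user list ...</p>"  # constructed sample content

def logged_in(environ):
    # Hypothetical session check; a real app validates a server-side session.
    return "session=valid" in environ.get("HTTP_COOKIE", "")

def vulnerable_app(environ, start_response):
    # Sends the redirect header but keeps going and renders the page anyway.
    if not logged_in(environ):
        start_response("302 Found", [("Location", "/login")])
    else:
        start_response("200 OK", [("Content-Type", "text/html")])
    return [ADMIN_PAGE]

def fixed_app(environ, start_response):
    # Stops handling the request as soon as the redirect is issued.
    if not logged_in(environ):
        start_response("302 Found", [("Location", "/login"), ("Content-Length", "0")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/html")])
    return [ADMIN_PAGE]

def fetch(app, path, cookie=None):
    """Call the WSGI app in-process (no network); return (status_code, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = int(status.split()[0])
    body = b"".join(app(environ, start_response))
    return seen["status"], body

def leaks_behind_redirect(app, path, marker):
    """True if an unauthenticated request gets a 3xx whose body still holds protected content."""
    status, body = fetch(app, path)
    return 300 <= status < 400 and marker in body

if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("fixed", fixed_app)):
        print(name, leaks_behind_redirect(app, "/admin", b"Admin panel"))
```

The same assertion can run in a test suite against every route that requires a login, so a handler that forgets to stop after issuing the redirect fails the build.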
