A simple, powerful tool for security researchers and developers to test for open redirect vulnerabilities. Generate payloads and run safe simulations instantly.
An open redirect is a common but serious vulnerability (CWE-601) that can make your website an accomplice in phishing attacks, damaging user trust and your brand's reputation.
Attackers exploit open redirects to make malicious links look like they come from your trusted domain, tricking users into giving up credentials.
By finding and fixing these flaws, you protect your users from being redirected to harmful websites that can steal data or install malware.
Regularly testing for common vulnerabilities like open redirects is a fundamental part of a robust web application security program.
An open redirect occurs when a web application uses user-supplied input to decide where to send the user next, without validating that destination. An attacker can craft a link on your trusted domain that automatically forwards the user to a malicious site. Example: `your-site.com/redirect?url=http://evil-site.com`.
Our tool intelligently parses the URL(s) you provide to find **all** parameters. For each parameter, it generates a list of new URLs with common payloads pointing to a safe, user-defined domain. You can then click these links to safely simulate an attack and see if the redirect occurs.
The best defence is to avoid using user-controlled data in redirect URLs at all. If you must, check the destination against a strict allow-list of approved, safe domains. Never rely on a block-list; attackers can usually bypass one. Always validate and sanitize every piece of user input that influences a redirect.
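The allow-list approach above, as an added example (not part of this page's tool and not its code): a redirect-target validator that resolves the user-supplied value against the site's own origin, rejects non-web schemes and backslash tricks, and only accepts an exact hostname match. The allow-list entries (`your-site.com` and an assumed `www.your-site.com`) and the sample inputs at the bottom are constructed placeholders.

```python
from urllib.parse import urlsplit, urljoin, urlunsplit

# Constructed allow-list: exact hostnames only, no suffix matching.
ALLOWED_HOSTS = {"your-site.com", "www.your-site.com"}
ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_TARGET = "/"
SITE_BASE = "https://your-site.com/"  # assumed origin used to resolve relative input


def safe_redirect_target(user_url: str, base: str = SITE_BASE) -> str:
    """Return a redirect target that stays on an allow-listed host.

    Falls back to DEFAULT_TARGET whenever the input cannot be proven safe:
      * empty / whitespace-only input
      * backslashes or CR/LF/TAB (browsers may treat '\\' like '/', and
        control characters invite header-injection style confusion)
      * any scheme other than http/https (javascript:, data:, ...)
      * a hostname that is not an exact member of ALLOWED_HOSTS
    """
    if not user_url or not user_url.strip():
        return DEFAULT_TARGET
    candidate = user_url.strip()
    if "\\" in candidate or any(ch in candidate for ch in "\r\n\t"):
        return DEFAULT_TARGET

    # Resolve against our own origin so relative paths ("/account") and
    # protocol-relative URLs ("//evil.com") are interpreted as a browser would.
    resolved = urljoin(base, candidate)
    parts = urlsplit(resolved)

    if parts.scheme not in ALLOWED_SCHEMES:
        return DEFAULT_TARGET
    # .hostname drops userinfo and lower-cases, so "user@evil.com" resolves
    # to "evil.com" and "YOUR-SITE.COM" to "your-site.com".
    if parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET

    # Rebuild the URL from the validated pieces, discarding any userinfo.
    netloc = parts.hostname + (f":{parts.port}" if parts.port else "")
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


# Constructed sample inputs a redirect parameter might receive.
SAMPLE_INPUTS = [
    "/account?next=1",                     # relative path: allowed
    "https://www.your-site.com/profile",   # allow-listed host: allowed
    "//evil.com/login",                    # protocol-relative: rejected
    "http://evil.com",                     # foreign host: rejected
    "https://your-site.com.evil.com/",     # suffix trick: rejected
    "http://your-site.com@evil.com/",      # userinfo trick: rejected
    "/\\evil.com",                         # backslash trick: rejected
    "javascript:alert(1)",                 # non-web scheme: rejected
    "",                                    # empty: default target
]

if __name__ == "__main__":
    for raw in SAMPLE_INPUTS:
        print(f"{raw!r:40} -> {safe_redirect_target(raw)}")
```

When wiring this into a handler, pass the raw query parameter through `safe_redirect_target` and redirect only to its return value; the function never returns the attacker's string unchanged, so a rejected value silently lands on the default page instead of leaving the site.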