iamj0ker / bypass-403

A simple script just made for self use for bypassing 403
1.62k stars 275 forks

A Status code 200 is wrong #10

Closed jedai47 closed 2 years ago

jedai47 commented 2 years ago

Here, if you try with this https://reptox.cnesst.gouv.qc.ca/bin/admin_backup/catall.aspx we get a line with: `200,101017 --> https://reptox.cnesst.gouv.qc.ca -H X-rewrite-url: /bin/admin_backup/catall.aspx`

In fact, when I go over it in Burp I actually get a 302 redirect. Any idea how or why?

jedai47 commented 2 years ago

You should remove the L from the `-iL` so it doesn't follow the redirect.

iamj0ker commented 2 years ago

Hi @jedai47, the reason for adding follow redirection is that when we try most bypasses, there is a chance of redirecting back to the same page. In such conditions, all responses will be 302 with almost the same length. So we would need to manually reverify that. If it follows redirection automatically, it is easy for the user to distinguish the responses.
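The discrepancy discussed in this thread, as an added example that is not part of the thread or the project's script: with `-i` and `-L`, curl prints one header block per hop, so the first-hop status Burp shows and the final status can both be read from the same output. The sample responses and function names are constructed for illustration, and the parser assumes the bodies of followed redirects are not present in the output.

```python
import re

STATUS_LINE = re.compile(r"HTTP/[\d.]+ (\d{3})")

# Constructed samples shaped like `curl -s -i -L` output (not captured traffic).
SAMPLE_FOLLOWED = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /login.aspx\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>login form</html>"
)
SAMPLE_DIRECT = "HTTP/2 200 \r\ncontent-type: text/html\r\n\r\n<html>page</html>"


def parse_hops(raw):
    """Return ([(status, location), ...], final_body), one pair per response."""
    hops, text = [], raw
    while True:
        match = STATUS_LINE.match(text)
        if not match:
            break  # what remains is the body of the last response
        parts = re.split(r"\r?\n\r?\n", text, maxsplit=1)
        head, text = parts[0], parts[1] if len(parts) > 1 else ""
        location = None
        for line in head.splitlines()[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "location":
                location = value.strip()
        hops.append((int(match.group(1)), location))
    return hops, text


def summarize(raw):
    """Report first-hop and final status separately so a followed 302 is visible."""
    hops, body = parse_hops(raw)
    if not hops:
        raise ValueError("no HTTP status line found")
    return {
        "first_status": hops[0][0],
        "final_status": hops[-1][0],
        "redirects": [loc for status, loc in hops[:-1] if 300 <= status < 400],
        "body_length": len(body),
    }
```

A result where `first_status` is 3xx and `final_status` is 200 means the 200 belongs to the redirect target, not to the originally requested path.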