initstring / linkedin2username

OSINT Tool: Generate username lists for companies on LinkedIn
MIT License

All searches result in "Unknown Redirection" message #21

Closed aaronleshalock closed 4 years ago

aaronleshalock commented 4 years ago

Describe the bug: I've noticed over the past few weeks that any company search results in an error "Some unknown redirection occurred."

To Reproduce: Command: ./linkedin2username.py -c <COMPANY> -u <USER-EMAIL>

Verify Expected Results: I logged into the LinkedIn account I use for this and verified the company page is accessible and I can view employees. I have also executed the tool against prior client companies where the tool had previously produced the expected output and I now receive the same error as above ("Some unknown redirection occurred").

Additional context: No special setup.

initstring commented 4 years ago

Hi @aaronleshalock - thanks so much for taking the time to open an issue!

I actually don't use this tool myself much these days, so I only find out about a breaking change when someone reports it. This is helpful.

I just ran the tool myself, though, and I can't reproduce your problem.

Can you run the tool with the -x or --proxy command to go through ZAP or Burp and take a look at the 302/303 you are receiving? Any details you can provide to troubleshoot would be helpful, of course being careful not to share cookies or credentials.

Thanks!

Also, BTW, the bit of code you are hitting is here. So perhaps they've changed some strings that I'm matching on or perhaps there is a new type of redirect that I don't know about:

    if response.status_code == 302 or response.status_code == 303:
        redirect = response.headers['Location']
        if 'feed' in redirect:
            print(PC.ok_box + "Successfully logged in.\n")
            return session
        if 'challenge' in redirect:
            print(PC.warn_box + "LinkedIn doesn't like something about this"
                  " login. Maybe you're being sneaky on a VPN or something."
                  " You may get an email with a verification token. You can"
                  " ignore the email. Log in from a web browser and try"
                  " again.\n")
            return False
        if 'captcha' in redirect:
            print(PC.warn_box + "You've triggered a CAPTCHA. Oops. Try logging"
                  " in with your web browser first and come back later.")
            return False

        # The below will detect some 302 that I don't yet know about.
        print(PC.warn_box + "Some unknown redirection occurred. If this"
              " persists, please open an issue on github.\n")
        return False

aaronleshalock commented 4 years ago

Thanks for the response. It looks like it was somewhat related to my account. It was redirecting me over to add/confirm my phone number, but for some reason that didn't show up when I logged in on the web. After confirming my phone number, everything works as expected.

Here's the HTTP request:

    POST /checkpoint/lg/login-submit?loginSubmitSource=GUEST_HOME HTTP/1.1
    Host: www.linkedin.com
    User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SCH-I535 Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: close
    X-RestLi-Protocol-Version: 2.0.0
    Content-Length: 160
    Content-Type: application/x-www-form-urlencoded

Here's the relevant portion of the response as shown in Burp:

    HTTP/1.1 303 See Other
    Cache-Control: no-cache, no-store
    Pragma: no-cache
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Location: /check/add-phone?country_code=us

Thanks!

initstring commented 4 years ago

Thank you very much for the detail!

Probably there is a way to skip past it in the tool, but it's hard to test as it doesn't prompt me.

Instead, I chose the easy way out and simply added it in the list of error checks in https://github.com/initstring/linkedin2username/commit/2e0dbe1a88692f86a09a423234a699359b476211.

Thanks again!
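
The thread asks for the 302/303 details from a proxy capture without sharing cookies or credentials. As an added example (not part of the thread and not linkedin2username code), this Python helper masks session headers and form values in a captured message and extracts the status and Location; the header list and the sample cookie are assumptions.

```python
import re

# Headers that carry session or credential material (a non-exhaustive, assumed list).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "csrf-token"}
FORM_BODY = re.compile(r"[^\s=&]+=[^\s&]*(&[^\s=&]+=[^\s&]*)*")


def redact_http(raw):
    """Return a raw HTTP message with secrets masked, for pasting into an issue."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    out = [lines[0]]  # request line or status line is kept as-is
    for line in lines[1:]:
        name, colon, _ = line.partition(":")
        if colon and name.strip().lower() in SENSITIVE_HEADERS:
            line = name + ": [REDACTED]"
        out.append(line)
    body = body.strip()
    if not body:
        return "\n".join(out)
    if FORM_BODY.fullmatch(body):
        # Keep field names so the maintainer sees the form shape; drop every value.
        body = "&".join(p.partition("=")[0] + "=[REDACTED]" for p in body.split("&"))
    else:
        body = "[BODY REMOVED]"
    return "\n".join(out) + "\n\n" + body


def redirect_summary(raw):
    """Return (status_code, Location) from a raw HTTP response."""
    lines = raw.replace("\r\n", "\n").partition("\n\n")[0].split("\n")
    status = int(lines[0].split()[1])
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return status, value.strip()
    return status, None


# Constructed sample: status and Location are from the thread, the cookie is made up.
SAMPLE_RESPONSE = ("HTTP/1.1 303 See Other\r\n"
                   "Set-Cookie: session=CONSTRUCTED-VALUE; Path=/\r\n"
                   "Location: /check/add-phone?country_code=us\r\n\r\n")

if __name__ == "__main__":
    print(redirect_summary(SAMPLE_RESPONSE))
    print(redact_http(SAMPLE_RESPONSE))
```

Query strings in the request line and in Location are left untouched, so check them by eye before posting.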