Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gotchas. CC BY-SA 4.0/Apache License 2.0

Pause before HTTP redirect (302) and get redirection URI with Chrome developer tools

Context

  • When you try to attack an OAuth2 Authorization Code Flow with CSRF (see RFC 6749, "10.12. Cross-Site Request Forgery"), you have to pause before the redirect in order to obtain the redirection URI, because the redirection URI is unique and is invalidated once it has been accessed.
  • A client-side local proxy such as Burp Suite or Fiddler is widely used for this purpose, but sometimes installing such a proxy is prohibited by the organization's asset management or security policy.
  • With Chrome, you can pause before a redirect with the code below (see Chrome: pause before redirect). This code only pauses before the redirect; you still cannot get the redirection URI (no request is shown in the Network tab of the Chrome developer tools).
window.addEventListener("beforeunload", function() { debugger; }, false) // breaks into the debugger just before the page is unloaded by the redirect

Solution

  1. Open the Chrome developer tools and select the "Network" tab.
  2. Access a URL that triggers the redirect once.
  3. Right-click the redirection URI and select "Block request URL". The "Request blocking" tab opens automatically.
  4. In the "Request blocking" tab, replace the variable part of the URI with a wildcard (*).
  5. Access the same URL as in step 2 again.
  6. In the "Network" tab, the blocked request (request URI) is highlighted in red. Right-click the request and select [Copy] - [Copy link address].