The HTTP response status code 302 Found is a common way of performing URL redirection.
Permanent redirections are meant to last forever. They imply that the original URL should no longer be used and should be replaced with the new one.
- 301 Moved Permanently
- 308 Permanent Redirect
Sometimes the requested resource can’t be accessed from its canonical location, but it can be accessed from another place. In this case, a temporary redirect can be used.
- 302 Found (GET methods unchanged)
- 303 See Other
- 307 Temporary Redirect
1. Trying to access http://bank.htb/, I get redirected to http://bank.htb/login.php
In the response we see the following:
HTTP/1.1 302 Found = 302 redirection code
location: login.php = redirection target
This indicates that we will be redirected to http://bank.htb/login.php
This all happens automatically, and we are sent to a login page.
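2. Intercepting the server responses and rewriting the status line of 30X responses to 200 OK will let us bypass this redirection: the browser then renders whatever body the server sent with the redirect instead of following the Location header.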
- Proxy -> Options -> Intercept Server Responses -> Check box (Intercept responses…)
3. Now edit the “Match and Replace” section
Add a new rule and fill in the blanks:
- Type: Response header
- Match: 30[12] Found #match either 301 or 302
- Replace: 200 OK
- Comment: VK9 redirection bypass
- Check “Regex match”
- Click OK, enable the setting by activating the checkbox
4. Now, test again
We are now getting a 200 OK response, and we are shown a different page and view than the login page.