The HTTP response status code 302 Found is a common way of performing URL redirection.

Permanent redirections

These redirections are meant to last forever. They imply that the original URL should no longer be used, and replaced with the new one

Code Text

301 Moved Permanently

308 Permanent Redirect

Temporary redirections

Sometimes the requested resource can't be accessed from its canonical location, but it can be accessed from another place. In this case, a temporary redirect can be used.

Code Text

302 Found GET methods unchanged.

303 See Other

307 Temporary Redirect

Hacking steps

1. Trying to access http://bank.htb/, I get redirected to http://bank.htb/loging.php

  • Request

  • Response

In the response we see the following

HTTP/1.1 302 Found = 302 redirection code

location: login.php = redirection to

Indicating we will redirect to http://bank.htb/login.php


New request

New Response

This all happens automatically. We are sent to a log in page

2. Capturing the response and filtering 30X responses to set 200 OK will let us bypass this redirection.

  • Proxy -> Options -> Intercept Server Responses -> Check box (Intercept responses…)

3. Now edit “Match and Replace” section

Now add a new rule

  • Add

Fill in the blanks

  • Type: Response header
  • Match: 30[12] Found #match either 301 or 302
  • Replace: 200 OK
  • Comment: VK9 redirection bypass
  • Check “Regex match”

  • Click OK, enable the setting by activating the checkbox

4. Now, test again



We are now getting a 200 OK response. We are now shown a different page and view, then the log in page