Exploitable redirects on the web: identification, prevalence, and defense

  • Authors: Craig A. Shue; Andrew J. Kalafut; Minaxi Gupta
  • Affiliations: Indiana University; Indiana University; Indiana University
  • Venue: WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
  • Year: 2008

Abstract

Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this paper, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects.