Understanding Redirection with Hashing and Crypto Salt (Part 2)

In the previous article we have explained the concept of redirection with basic redirection and encoded redirections; in this article, we will cover the more secured redirection using hashing and salting techniques.

In this article also we will be covering the redirection using the same php scripts with little modification within the code.

Redirection using Hash Values

On browser type //localhost/hashing/home.php

Hover on Redirect Link pointing to redirection page (re.php). We can see that the redirection link not only contains the URL as a parameter but also the hash which means that we are not only passing the URL as a parameter but also generating the hash value using MD5/SH1/SHA512 or any of the hashing algorithm and redirection will only work if the combination of URL and its hash is correct else not.

(Shown in the figure below). This is a more secure way of redirection.

For the sake of understanding our redirection link is showing the parameters like URL and Hash but in the case or real development, we can hide them so that attacker won’t be able to judge where the page is being redirected.

When we click on Redirect Link redirection script on re.php will catch the passed URL and generate its hash value (we are using MD5 hash algorithm) and compare the generated hash value with the hash value we have sent with the request, if both the hash values match the redirection would work else it will fail.

We are using a hash calculator for generating the MD5 Value of “//www.hackingarticles.in”.

The MD5 hash value of “//www.hackingarticles.in” is 8258c1efb05943d059476150cb22df1d

 In the below image we are replacing the original hash value of “//www.hackingarticles.in”   from its original value which is “8258c1efb05943d059476150cb22df1d” to any different value for example “9258c1efb05943d059476150cb22df1d” (we have replaced only first digit from 8 to 9).

The redirection has failed and the script has returned an error message. Finally, we are sending the URL along with the generated Hash Value as parameter and result is below

Redirection using Hash Values with salting

On browser type //localhost/hashing/home.php (the page where we have our scripts)

Hover on Redirect Link pointing to redirection page (re.php). Here we can see one more additional parameter salt. As in the previous methodology we have worked with Hash values while working with salting we are introducing one more parameter salt and generating the hash value of the URL by prepending or appending the salt value in front of the URL or at the end of the URL. The salt value could be anything, it could be a combination of characters, digits, alphanumeric, special character or anything we want (In this example we are using the salt value “ignite”). By using salts we are further increasing the security for redirecting the URL.

 For the sake of understanding our redirection link is showing the parameters like URL and Hash and Salt but in the case or real development, we can hide them so that attacker won’t be able to judge where the page is being redirected.

 When we click on Redirect Link redirection script on re.php will catch the passed URL and generate its hash value (we are using Sha1 hash algorithm) by appending the salt value (ignite) in front of the URL and compare the generated hash value with the hash value we have sent with the request, if both the hash values match the redirection would work else it will fail.

in Above image we are generating the Sha1 hash value by appending the salt “ignite”  in front of the URL “//www.hackingarticles.in” , we can use any online/offline converter in this example we are generating Sha1 hash through //online-code-generator.com/sha1-hash-with-optional-salt.php

The sha1 hash value of the URL with salt is: 5955e7e3533a0afac6ddfee60a32e2a6731cf626

If the hash value sent is different from the original value our script will return an error. In below Image we are changing the sha1 hash value from 5955e7e3533a0afac6ddfee60a32e2a6731cf626 to 8955e7e3533a0afac6ddfee60a32e2a6731cf626 (we are replacing only first digit from 5 to 8) we will get the following result.

Finally, we are sending the URL along with the generated Hash Value as parameter and result is below

Author: Ankit Gupta, the Author, and co-founder of this website, An Ethical Hacker, Telecom Expert, Programmer, India. He Has Found his Deepest Passion To Be Around The World Of Telecom, ISP and Ethical Hacking. Contact Here

Leave a Reply

Your email address will not be published. Required fields are marked *