This plugin finds global redirection vulnerabilities. This kind of bugs are used for phishing and other identity theft attacks. A common example of a global redirection would be a script that takes a “url” parameter and when requesting this page, a HTTP 302 message with the location header to the value of the url parameter is sent in the response. Global redirection vulnerabilities can be found in javascript, META tags and 302 / 301 HTTP return codes.

Plugin type



This plugin doesn’t have any user configured options.


For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
github-logoPlugin source code
Unittest source code


This plugin has no dependencies.