# Part II: Let's look at redirects

In Part I of this tutorial, we saw a simple HTTP redirect handled at the server level. That is far from the only way to redirect a browser.

## Redirects in the webpage

### Meta refresh

#### The sane one

Redirects to https://example.com after 5 seconds.

```html
<head>
  <meta http-equiv="refresh" content="5; url=https://example.com/">
</head>
```

Read more on [Wikipedia](https://en.wikipedia.org/wiki/Meta_refresh).

#### The less sane ones

```html
<head>
  <meta http-equiv="refresh" content="5; url=redirect">
</head>
```

```html
<head>
  <meta http-equiv="refresh" content="5; url=../redirect">
</head>
```

```html
<head>
  <meta http-equiv="refresh" content="5; url=//example.com/">
</head>
```

**Questions**: 

* What does each of these do if the HTML is loaded from:
  * http://mydomain.com/
  * https://mydomain.com/
  * https://mydomain.com/sub_directory

**Examples**:

* https://lookyloo-testing.herokuapp.com/redirect_http
* https://lookyloo-testing.herokuapp.com/redirect_http_partial
* https://lookyloo-testing.herokuapp.com/subdir/redirect_http_path
* https://lookyloo-testing.herokuapp.com/redirect_http_partial_no_scheme
* https://lookyloo-testing.herokuapp.com/subdir/redirect_http_partial_no_slash


```bash
curl https://lookyloo-testing.herokuapp.com/subdir/redirect_http_partial_no_slash
```
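The questions above can be worked through offline. The following is an added example, not part of the original tutorial or of Lookyloo: it extracts the meta refresh target from a page and resolves it against the URL the page was loaded from. It assumes `urllib.parse.urljoin` (RFC 3986 resolution) matches browser behaviour for these simple targets and ignores any `<base href>` tag; the names `MetaRefreshFinder`, `resolve_meta_refresh` and `page` are made up for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Delay, optional separator, optional "url=" prefix, optional quotes, target.
REFRESH_RE = re.compile(
    r"""^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?['"]?([^'"]*?)['"]?\s*)?$""", re.I)


class MetaRefreshFinder(HTMLParser):
    """Collects (delay_seconds, raw_target) for every meta refresh tag."""

    def __init__(self):
        super().__init__()
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "meta" or (attrs.get("http-equiv") or "").lower() != "refresh":
            return
        match = REFRESH_RE.match(attrs.get("content") or "")
        if match:
            # An empty target means "reload the current page".
            self.refreshes.append((int(match.group(1)), match.group(2) or ""))


def resolve_meta_refresh(html, page_url):
    """Return [(delay, absolute_url)] as seen from page_url (no <base> support)."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    return [(delay, urljoin(page_url, target)) for delay, target in finder.refreshes]


def page(target):
    """Constructed sample page, same shape as the snippets above."""
    return f'<head><meta http-equiv="refresh" content="5; url={target}"></head>'


TARGETS = ["https://example.com/", "redirect", "../redirect", "//example.com/"]
BASES = ["http://mydomain.com/", "https://mydomain.com/",
         "https://mydomain.com/sub_directory"]

if __name__ == "__main__":
    for target in TARGETS:
        for base in BASES:
            for delay, final in resolve_meta_refresh(page(target), base):
                print(f"{target!r:24} from {base:36} -> {final} ({delay}s)")
```

Note that `https://mydomain.com/sub_directory` without a trailing slash resolves `redirect` to `https://mydomain.com/redirect`, because the last path segment is replaced; with a trailing slash the result would be `https://mydomain.com/sub_directory/redirect`.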

### JavaScript

Redirect to https://example.com, immediately or not.

#### window.location.href

```html
<script>
  window.location.href = "https://example.com";
</script>
```


#### With timeout

```html
<script>
  function redirectFunc() {
    window.location.replace("https://example.com");
  }
  setTimeout("redirectFunc()", 2000);
</script>
```

```html
<script>
  function redirectFunc() {
    window.location.assign("https://example.com");
  }
  setTimeout("redirectFunc()", 2000);
</script>
```


#### Obfuscated

```html
    <script>
      var _0xe753=["\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x79\x6F\x75\x74\x75\x62\x65\x2E\x63\x6F\x6D\x2F\x77\x61\x74\x63\x68\x3F\x76\x3D\x69\x77\x47\x46\x61\x6C\x54\x52\x48\x44\x41","\x61\x73\x73\x69\x67\x6E","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x64\x69\x72\x65\x63\x74\x46\x75\x6E\x63\x28\x29"];function redirectFunc(){window[_0xe753[2]][_0xe753[1]](_0xe753[0])}setTimeout(_0xe753[3],2000)
    </script>
```

**Question**:
* And what about partial URLs?


**Examples**:
* https://lookyloo-testing.herokuapp.com/redirect_js_loc
* https://lookyloo-testing.herokuapp.com/redirect_js_loc_replace
* https://lookyloo-testing.herokuapp.com/redirect_js_loc_assign
* https://lookyloo-testing.herokuapp.com/redirect_js_obfs
* https://lookyloo-testing.herokuapp.com/redirect_js_partial


```bash
curl https://lookyloo-testing.herokuapp.com/redirect_js_obfs
```

### iFrame

Load the third-party page inside your own:

```html
<body>
  <iframe src="//example.com" frameborder="0" marginheight="0" marginwidth="0"
    width="100%" height="100%" scrolling="auto"></iframe>
</body>
```

```bash
curl https://lookyloo-testing.herokuapp.com/frame
```

### Messing with URL Parameters

A bit of everything, depending on the URL parameter...

```bash
curl 'https://lookyloo-testing.herokuapp.com/url_parameter?ohai=2'
```

```bash
curl 'https://lookyloo-testing.herokuapp.com/url_parameter?blah=1'
```

```bash
curl 'https://lookyloo-testing.herokuapp.com/url_parameter?query=1'
```

### Stuff fully server side (kinda)

#### 303 redirect

#### 404 with content

#### Refresh header

#### Location header

#### Location header (Partial, because of course you can)

#### User agent

#### IP

#### Cookie

#### Referer

```bash
curl -v https://lookyloo-testing.herokuapp.com/server_side_redirect
```

```bash
curl -v https://lookyloo-testing.herokuapp.com/missing
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/refresh_header
```

```bash
curl -v https://lookyloo-testing.herokuapp.com/location_header
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/location_header_partial
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/ua
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/ip
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/cookie
```

```bash
curl -v -L https://lookyloo-testing.herokuapp.com/referer
```