1. First, open the website: localhost (your IP).

  2. Then go to OWASP Mutillidae II.

  3. Then choose OWASP 2013 → A10 - Unvalidated Redirects → Credits.

  4. Click OWASP.


  1. Turn Intercept on → refresh the same page → go to Proxy → HTTP history → find the index.php URL → right-click and Send to Repeater.

  2. Then edit the URL to www.evil.com and click Send.

  3. Then right-click → Show response in browser.

  4. Then copy the URL and paste it into Burp's browser.
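
The redirect in the steps above succeeds because the destination is taken from the request without being checked. As an added example (not Mutillidae's code), here is one way a server could validate a redirect target before using it; the allow-list contents and the names `ALLOWED_HOSTS`, `is_safe_redirect` and `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of external hosts the application may redirect to (constructed).
ALLOWED_HOSTS = {"www.owasp.org", "owasp.org"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for an http(s) URL on an allow-listed host or a same-site path."""
    # Reject empty values, surrounding whitespace, backslashes and control
    # characters, which URL parsers and browsers may normalise differently.
    if not target or target != target.strip():
        return False
    if any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host") target: require http(s),
        # no userinfo ("trusted@other-host") and an exact host match.
        if parts.scheme not in ("http", "https") or has_userinfo:
            return False
        return host in allowed_hosts
    # Relative target: accept only a path rooted at this site.
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(target, fallback="/"):
    """Return the requested target if it passes validation, else a fixed page."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample values, including the one used in the steps above.
    for value in ("https://www.owasp.org/", "/index.php?page=home.php",
                  "www.evil.com", "http://www.evil.com", "//www.evil.com",
                  "https://www.owasp.org@www.evil.com/"):
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```
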