There is another potential vector to consider when dealing with redirects: URL shorteners. Sometimes a URL generated by an application or written by a developer is too long or complex to remember; URL shorteners were created for such cases.
URL shorteners are services where anyone can store a URL, temporarily or permanently, and the service generates a new one. This new URL is shorter than the original and easy to remember. A user who accesses the resource through the shorter URL is redirected to the original URL:
For example, imagine we have an original URL, such as the following:
http://www.testsite.com/redirect?url=http://othersite.com/evil.php
This looks malicious and a normal user may not want to click on it, even if it is encoded:
http://www.testsite.com/redirect?url=%68%74%74%70%3A%2F%2F%65%76%69%6C%77%65%62%73%69%74%65%2E%63%6F%6D%2F%70%77%6E%7A%2E%70%68%70
It still looks weird, but if we use a shortener, we can get a URL that appears normal:
http:...
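Encoding and shortening only change how the link looks to the user; the redirect endpoint still receives the same target. The defensive counterpart is therefore to validate the destination server-side after decoding it, which is what the following added example does. It is not code from the original text; it assumes the redirect endpoint reads its target from a `url` query parameter (as in the URLs above), that `www.testsite.com` is the only trusted host (a constructed allow-list), and it applies the same check to a shortened link once the short URL has been expanded to the real redirect.

```python
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts the redirect endpoint may send a user to.
# Constructed for this example: only the site's own host is trusted.
ALLOWED_HOSTS = {"www.testsite.com"}

def extract_redirect_target(link: str, param: str = "url") -> Optional[str]:
    """Return the fully percent-decoded value of the redirect parameter.

    parse_qs already decodes one layer (%68%74%74%70 -> http); the loop
    peels off extra layers so that a double-encoded value such as %2568
    ends up as 'h' instead of surviving as '%68'. None if the parameter
    is missing.
    """
    values = parse_qs(urlsplit(link).query).get(param)
    if not values:
        return None
    target = values[0]
    for _ in range(3):  # bounded: stop when decoding no longer changes anything
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_safe_redirect(target: str) -> bool:
    """Accept a same-site absolute URL or a plain relative path, nothing else."""
    parts = urlsplit(target)
    # Block javascript:, data: and any other non-web scheme.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if not parts.netloc:
        # Relative path: must start with exactly one slash. '//host' would be
        # treated as protocol-relative by the browser, and backslashes are
        # normalised to slashes by some browsers, so both are rejected.
        return target.startswith("/") and not target.startswith("//") and "\\" not in target
    return parts.hostname in ALLOWED_HOSTS

def is_link_safe(link: str) -> bool:
    """Decode the redirect parameter of a full link and validate it."""
    target = extract_redirect_target(link)
    return target is not None and is_safe_redirect(target)

if __name__ == "__main__":
    # The two links from the text (the second one decodes to a different host).
    for link in (
        "http://www.testsite.com/redirect?url=http://othersite.com/evil.php",
        "http://www.testsite.com/redirect?url=%68%74%74%70%3A%2F%2F%65%76%69%6C"
        "%77%65%62%73%69%74%65%2E%63%6F%6D%2F%70%77%6E%7A%2E%70%68%70",
        "http://www.testsite.com/redirect?url=/account/settings",
    ):
        print(extract_redirect_target(link), "->", "allow" if is_link_safe(link) else "block")
```

The decoded target is checked, not the raw parameter, so the percent-encoded variant is rejected for the same reason as the plain one: its host is not on the allow-list. The relative-path branch is the usual safe default for "return to where you were" redirects, and the allow-list is the place to add any partner hosts a real deployment genuinely needs.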