SKILL: Open Redirect — Expert Attack Playbook AI LOAD INSTRUCTION : Open redirect techniques. Covers parameter-based redirects, JavaScript sinks, filter bypass, and chaining with phishing, CSRF Referer bypass, OAuth token theft, and SSRF. Often underrated but critical for phishing and as a building block in multi-step exploit chains. 1. CORE CONCEPT Open redirect occurs when an application redirects users to a URL derived from user input without validation. The trusted domain acts as a "launchpad" for phishing or token theft. --- 2. FINDING REDIRECT PARAMETERS Common Parameter Names Server-Si…