I need to prevent the program from executing the redirect so I can see the sensitive information
<?php
$redirect_url = 'page2.php';
header("Location: " . $redirect_url);
?>
<div id="demo">This is sensitive information</div>
I expect the code to remain at the same page without redirecting to page2
I want to do it using the terminal or an external command supposing that I don’t control the site.
2
Answers
You can use curl which does not follow redirects by default.
See Is there a way to follow redirects with command line cURL?
Unless this is an overly simplified example of the real scenario, the site will leak the info anyway. The PHP script does not
die()after setting the header, so will continue to execute and output all the content. Setting a header does not stop the PHP script, it simply sends a HTTP response header to the client (in this case suggesting that it might like to redirect to the provided URL instead of displaying the response body). The header, plus any other content the script outputs, is all sent to the client side, which, once it has received everything the server provides, then decides what to do with it.The redirect will mean that the content is not visible in the browser’s main window (because the browser will follow the redirect header once it receives it), but you’d be able to see it by looking at the raw response to that request in the browser’s Network tool, or by requesting the page from non-browser HTTP tools such as Postman or cURL, which can be configured not to follow redirects automatically.