When I type in a URL and hit enter, for example abc.com, I don't expect to end up somewhere else. I expect an error page if there isn't a site with that URL. But instead I get redirected to another URL (another domain even: abc.go.com).
I'm no expert on web technology, but as far I can tell there are two main categories of redirect, DNS/registrar redirects (invisible) and server side redirects (visible, http code 301 or 302).
How do I prevent these server side redirects in Chrome? Best case scenario I get a prompt page telling me the page has a different URL or IP, asking if I want to continue.
Another example is hackoverflow.com I get redirected to two sites from here, after the first redirect I can glimpse a designed homepage before being moved on to a parking site. I'd like to stop halfway this double redirect and examine the second site.
6 Answers
I realize this is far from a perfect answer, as this will only work for responses that serve up content, but I decided to post it as there are currently zero useful, actionable answers.
As a quick-and-dirty solution you may be able to use the debugger (accessible by F12 or CTRL+SHIFT+I in most browsers) to give your self an opportunity to opt out of a redirect.
Run this line in the console before the page runs any scripts of its own:
window.onbeforeunload = function(){ return 'Leave page?'; };For example, using Chrome:
- Open the debugger (
F12) and switch to the Sources tab. - Press
F8to put the debugger into step-through mode. - Navigate to the problematic page. It will begin to load but the debugger won't allow scripts to run.
- Paste the above code into the console and hit enter.
- Press
F8again to allow scripts to run and let the page finish loading. - Now you will see a prompt before any redirect occurs and you'll have an opportunity to cancel it.
- If the page repeatedly tries to redirect you, you can tell chrome not to display the dialog again. Further attempts by the page to navigate you elsewhere will fail silently.
In my experience with this problem there isn't a great way to handle this in every situation. Just the other day I ran into this problem while analyzing a banking phishing scam. I was looking for a reminder on this problem myself because it had been a while. I tried changing things in chrome to make the page stop redirecting automatically, but nothing worked. The reason it wasn't working is because this is what was at the top of the page:
<html> <head> <meta content='0;URL=' http-equiv='refresh' /> </head> <!-- other HTML here -->
</html>That meta tag was redirecting to a second scam website after reaching the first scam website. More information about redirecting with the meta tag here.
Therefore, as far as I can tell I couldn't stop the redirect. I didn't care though because my fallback work around for annoying situations like this are to just download the web page as a text file and analyze the contents which is exactly what I did.
There are a variety of ways to do this. Since I was working inside of my dedicated Linux VM where I analyze scams I did the following inside of terminal (bash):
content=$(wget -q -O -)
echo $content > scam.htmlIn summation the basic algorithm is:
- Choose a language
- Perform an HTTP GET on your trouble URL
- Store output string to a variable
- Save output string to file
Like I mentioned before, this will help you at least see what is causing the redirect. After downloading the file, I removed that meta tag and then I was able to review the page.
Another temporary way to stop a redirect from happening, is to press esc button before the redirect happens.
esc stops the execution of js in the page but also html from rendering, so it it's pressed soon enough the redirect shouldn't take place but maybe the page won't be completely loaded. It can be useful to investigate page content and other info like cookies
As far as I know, there is no way to disable this function.
More importantly, doing so would break a very basic functionality that Web Servers rely on. You can expect a lot of websites to just stop working.
At bare minimum, - all 'www' redirects would stop working - all 'http-to-https' redirects would stop working
So you would manually have to type in '' before every domains.
Beyond that, many subpages within websites would stop functioning as well.
So I would not be surprised if Chrome and Firefox developers make it very difficult or impossible to disable Redirects altogether at the browser level.
7Using the Dev Tools, there is a tab that will display all the assets initialized by a page and their source as a URL (Networking? Sources?); even easier, after closing a popup, go to your history and see the URL there.. Either way, if you know the server address ("popup.ads.com" etc) Then why not make an edit to your HOSTs file (Linux/Win/Mac compatible) and just not run the risk of having a sketchy site read/write cookies, and potentially try to hijack your browser?
All that you'd need to do is add a line for each domain to block such as:
0.0.0.0 ads.com Or 0.0.0.0 popup.ads.com (Sub domains can be blocked while leaving the parent domain unblocked)
2- Open Google Chrome.
- Update Google Chrome.
- Click ⋮.
- Click Settings.
- Scroll down and click Advanced ▼.
- Scroll right down to the "Privacy and security" segment.
- Click the grey "Protect you and your device from risky sites" switch.
- Use an extension.
