Plz help me in clearing my concept over Open Redirection .
By signing in page was redirecting to it’s main domain , I tried subdomains and found thatt it has white listed any thing with *.domain.com e.g google.domain.com will redirect to it, but when i redirect to google.com it was giving 404 not found error.
Is it possible to make website anything.domain.com for stealing tokens?
were you able to make the application redirect to google.com? Which applications gave you 404 error, google or the application you were testing?