Download
1 / 3
40 likes | 171 Vues
URL obfuscation is a technique used to conceal the true destination of a URL. It can enhance privacy and protect against tracking. A URL generally follows the format: [protocol]://[user@]system[:portnum]/file. When accessing websites, the protocol (like HTTP) plays a crucial role. For example, using an IP address instead of a domain name, converting the IP into decimal or hexadecimal representations, or applying ASCII hex encoding techniques is common. These methods provide layers of obfuscation to help anonymize web traffic and protect users' identities.
E N D
URL Obfuscation With @ • What is the format of a URL? [protocol]://[user@]system[:portnum]/file • If we are accessing a web site… • Protocol is http • User is blank and port number is blank (defaults to 80) • Therefore, we get something like: • http://www.microsoft.com • Hide real destination inside the URL: • http://www.microsoft.com&item=q122134@www.phrack.org
Messin’ with IP Addressin’ • How about using a hidden IP Address instead of domain name? • http://www.microsoft.com&item=q122134@198.78.66.6 • How about using decimal representation of IP Address instead of dotted quad? • Convert w.x.y.z using: w*256**3+x*256**2+y*256+z • http://www.microsoft.com&item=q122134@3327017478 • How about using the hex representation of IP Address instead of dotted quad? • http://www.microsoft.com&item=q122134@0xc64e4206 • http://www.microsoft.com&item=q122134@0xc6.0x4e.0x42.0x06 • Don’t forget Octal!
URL Obfuscation Using URL Encoding • How about using hex representation of ASCII domain name? • http://www.microsoft.com&item=q122134@%77%77%77%2E%70%68%72%61%63%6B%2E%6F%72%67 • How about using a hex representation of the @ symbol (%40)? • http://www.microsoft.com&item=q122134%40%77%77%77%2E%70%68%72%61%63%6B%2E%6F%72%67 • Ouch! That last one hurts!
