Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?

Similar presentations


Presentation on theme: "Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?"— Presentation transcript:

1 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL? If we are accessing a web site… –Protocol is http –User is blank and port number is blank (defaults to 80) Therefore, we get something like: –http://www.microsoft.com Hide real destination inside the URL: ww.phrack.org

2 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 2 Messin with IP Addressin How about using a hidden IP Address instead of domain name? How about using decimal representation of IP Address instead of dotted quad? –Convert w.x.y.z using: w*256**3+x*256**2+y*256+z How about using the hex representation of IP Address instead of dotted quad? x42.0x06 Dont forget Octal!

3 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 3 URL Obfuscation Using URL Encoding How about using hex representation of ASCII domain name? 3%6B%2E%6F%72%67 How about using a hex representation of symbol (%40)? –http://www.microsoft.com&item=q %40%77%77%77%2E%70%68%72%61 %63%6B%2E%6F%72%67http://www.microsoft.com&item=q %40%77%77%77%2E%70%68%72%61 %63%6B%2E%6F%72%67 Ouch! That last one hurts!


Download ppt "Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?"

Similar presentations


Ads by Google