Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?

Similar presentations


Presentation on theme: "Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?"— Presentation transcript:

1 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation With @ What is the format of a URL? [protocol]://[user@]system[:portnum]/file If we are accessing a web site… –Protocol is http –User is blank and port number is blank (defaults to 80) Therefore, we get something like: –http://www.microsoft.com Hide real destination inside the URL: –http://www.microsoft.com&item=q122134@w ww.phrack.orghttp://www.microsoft.com&item=q122134@w ww.phrack.org

2 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 2 Messin with IP Addressin How about using a hidden IP Address instead of domain name? –http://www.microsoft.com&item=q122134@198.78.66.6http://www.microsoft.com&item=q122134@198.78.66.6 How about using decimal representation of IP Address instead of dotted quad? –Convert w.x.y.z using: w*256**3+x*256**2+y*256+z –http://www.microsoft.com&item=q122134@3327017478http://www.microsoft.com&item=q122134@3327017478 How about using the hex representation of IP Address instead of dotted quad? –http://www.microsoft.com&item=q122134@0xc64e4206http://www.microsoft.com&item=q122134@0xc64e4206 –http://www.microsoft.com&item=q122134@0xc6.0x4e.0 x42.0x06http://www.microsoft.com&item=q122134@0xc6.0x4e.0 x42.0x06 Dont forget Octal!

3 Computer and Network Hacker Exploits - ©2002, Ed Skoudis 3 URL Obfuscation Using URL Encoding How about using hex representation of ASCII domain name? –http://www.microsoft.com&item=q122134 @%77%77%77%2E%70%68%72%61%6 3%6B%2E%6F%72%67http://www.microsoft.com&item=q122134 @%77%77%77%2E%70%68%72%61%6 3%6B%2E%6F%72%67 How about using a hex representation of the @ symbol (%40)? –http://www.microsoft.com&item=q122134 %40%77%77%77%2E%70%68%72%61 %63%6B%2E%6F%72%67http://www.microsoft.com&item=q122134 %40%77%77%77%2E%70%68%72%61 %63%6B%2E%6F%72%67 Ouch! That last one hurts!


Download ppt "Computer and Network Hacker Exploits - ©2002, Ed Skoudis 1 URL Obfuscation What is the format of a URL?"

Similar presentations


Ads by Google