Hello, this is a very short tutorial on URL obfuscation. It is also known as Dotless IP.
Any URL can be obfuscated using four techniques.
1) DWORD (Level 1 to Level 5)
2) Octal
3) Hex
4) Number representation
Suppose, you want to obfuscate http://www.nirsoft.net
Get the IP address, using ping.
Its IP is, 69.73.166.124
Once you get the IP, perform following transformations.
1) DWORD
first octet * 256 + second octet = Result-1
Result-1 * 256 + third octet = Result-2
Result-2 * 256 + fourth octet = 1162454652 = Your new obfuscated URL
or
256^3 = 16777216 * first octet
256^2 = 65536 * second octet
256^1 = 256 * third octet
256^0 = 1 * fourth octet
Add all the results = you new obfuscated URL
2) Octal
Convert each octet into its corresponding octal value.
Add 0 to remaining preceding places to complete the address, if necessary.
0105.0111.0246.0174
3) Hex
Same as octal. Convert each octet into its corresponding hex value.
Add 0x before every result.
0x45.0x49.0xA6.0x7C
4) Manual (*This method works only in IE.)
Each letter can be represented using % and a code number.
a = %41
b = %42
c = %43
d = %44
.
.
.
.
j = 4A
k = 4B
l = 4C
m = 4D
n = 4E
o = 4F
p = 50
q = 51
r = 52
.
.
.
y = 59
z = 60
Thus, http://www.nirsoft.net can be represented as
%57%57%57.%4E%49%52%53%4F%46%54.%4E%45%54
All the values will eventually take you to the same location.
This method can be used for many different purposes.
Use you imagination and creativity for exploiting this concept.
I don't know why it doesn't works for suck-o. It takes you to ispCP Omega. LOLzzz
Why to use?
These methods can be used to get access to many blocked sites. No need of proxy.
Also, if you don't want to reveal the website address, use any of the method you are done.
My college has Cyeroam firewall installed. So, I use it to access many blocked sites. The college is damn n00b that, youtube, rapidshare, megaupload are all banned.
Come on, you can't block everyday essentials .
Success of this method is not 100%. It varies from browser to browser.
URL Obfuscation
- z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
URL Obfuscation
Last edited by DNR on 06 Mar 2011, 14:57, edited 1 time in total.
Reason: fixed parsed URL
Reason: fixed parsed URL
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
Learning NMAP
Re: URL Obfuscation
In the old days URL Obfuscation was common - it was security through obscurity. Most people thought it was some magical propreity code, but smart hackers reconised the hex codes.
While not as common as the early 1990's, most have gone to propriety codes. This can still work, bad sysadmins still in use this as weak security - learn to spot and decode these URLs to convert to plain text - possibly user and pass..see how they are NOT protecting you online.
DNR
While not as common as the early 1990's, most have gone to propriety codes. This can still work, bad sysadmins still in use this as weak security - learn to spot and decode these URLs to convert to plain text - possibly user and pass..see how they are NOT protecting you online.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
Re: URL Obfuscation
Yeah, very true DNR. This worked very well in late 90's.
Still it works for some sites and some browsers.
Still it works for some sites and some browsers.
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
Learning NMAP