URL Obfuscating

Here is a short write-up on URL obfuscating. I read up on it out of interest, and it also comes in handy for filter bypasses. You pick up some knowledge along the way too, so it's good to know. I wrote this using localhost. Hee, that way you can try it out without needing the Internet.

Normal URL

http://localhost

Format

scheme://hostname:port/filepath/filename?query_string=value#fragment

Testing with PHP Server Variables

http://localhost:8012/php/tests/all_server_variables.php?q=hello#lolsec

Screenshot

This is just a normal URL, shown so that the format is understood. OK, from here on let's study URL obfuscating.

URL Encoding

http%3A%2F%2Flocalhost%3A8012%2Fphp%2Ftests%2Fall_server_variables.php%3Fq%3Dhello%23lolsec

https://www.urlencoder.org/

IP Address

http://127.0.0.1:8012/

2 URL 

http://location-href.com@127.0.0.1:8012

IP to Long IP

2130706433:8012

http://www.smartconversion.com/unit_conversion/IP_Address_Converter.aspx

Hexadecimal Format

http://0x7f.1:8012

0x7f=127 (decimal)

Alternate format

http://0x7f.0x00.0x00.0x01:8012

Octal Format

http://0177.0000.0000.0001:8012

177 (octal) = 127 (decimal)

Decimal Format

2130706433:8012

Here is how this comes about:

converting to binary

127 = 01111111
0 = 00000000
0 = 00000000
1 = 00000001

Put these binary values back together in order:

01111111000000000000000000000001

Convert this back to decimal:

2130706433

Decimal to hex

2130706433 -> 7F000001

0x7F000001:8012

ASCII format

%6c%6f%63%61%6c%68%6f%73%74:8012

How?

http://www.asciitable.com (for looking up ASCII codes)

6c 6f 63 61 6c 68 6f 73 74
l  o  c  a  l  h  o  s  t

No slashes // 

http:localhost:8012
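
Seen from the filter's side, each host spelling above (text before @, short, hex, octal and single-integer IPv4, a percent-encoded host name, missing slashes) has to be reduced to one canonical host before any allow/deny comparison. The following is an added example, not part of the original post: parse_ipv4, canonical_host, targets_loopback and the SAMPLES list (built from the URLs in this post) are names chosen here.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def parse_ipv4(host):
    """Parse inet_aton-style IPv4 spellings; return None for a host name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    try:  # 0x.. is hex, a leading 0 is octal, anything else is decimal
        nums = [int(p, 16) if p[:2].lower() == "0x"
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p, 10) for p in parts]
    except ValueError:  # e.g. "09" is not valid octal
        return None
    *head, last = nums
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = sum(n << (8 * (3 - i)) for i, n in enumerate(head)) | last
    return ipaddress.IPv4Address(value)

def canonical_host(url):
    parts = urlsplit(url.strip())
    if not parts.netloc and parts.scheme in ("http", "https"):
        # "http:localhost:8012": supply the missing slashes before parsing
        parts = urlsplit(f"{parts.scheme}://{parts.path.lstrip('/')}")
    # .hostname already drops "user@" and ":port"; undo %xx escapes as well
    host = unquote(parts.hostname or "").lower()
    ip = parse_ipv4(host)
    return str(ip) if ip is not None else host

def targets_loopback(url):
    host = canonical_host(url)
    ip = parse_ipv4(host)
    return host == "localhost" or (ip is not None and ip.is_loopback)

# Constructed sample list: the URL forms from this post, with http:// added
SAMPLES = [
    "http://location-href.com@127.0.0.1:8012", "http://2130706433:8012",
    "http://0x7f.1:8012", "http://0x7f.0x00.0x00.0x01:8012",
    "http://0177.0000.0000.0001:8012", "http://0x7F000001:8012",
    "http://%6c%6f%63%61%6c%68%6f%73%74:8012", "http:localhost:8012",
]
for sample in SAMPLES:
    print(f"{sample:45} -> {canonical_host(sample)}")
```

A filter that compares the raw URL string against a blocklist misses all of these; comparing the output of canonical_host does not.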

Using url shortener

https://goo.gl/

https://tinyurl.com/

Short URL with symbol

http://ᄒ.ws/!

http://xn--hqd.ws/index.php

I plan to add one more practice exercise on this topic to the Web Obfuscate Lab. When that happens, please give it a try.

Thanks for Reading xD