Friday, February 11, 2011

Russian Doll URL Shortening

Attackers have been hiding malicious URLs using shortening services like TinyURL or bit.ly for some time now. Some smarter folks, however, have plugins that automatically resolve shortened URLs for them.

For a little extra oomph, what if the attacker shortened an already shortened URL? I wonder how many of these tools are prepared to unravel a chain of shortened URLs.

I haven't seen this technique yet, so hopefully I'm the inventor and everyone will call it "Russian Dolling."

p.s. On an only slightly related note, does anyone know of any services that let you edit the target URL afterwards? If so, you could create a loop in shortened URLs. That would be awesome.

UPDATE:
Diogo Mónica notified me that he has seen such attacks in the wild, and there are tools that can handle it. While not surprising in the least, I must admit I am still a little disappointed it won't be named Russian Dolling. Alas.

Diogo also pointed out that loops are possible using services such as ow.ly. Such as this one  . Don't use bit.ly though, because it will warn you of encapsulation. Be sure to check out Diogo's blog if you get the chance, it's awesome.
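
For anyone writing a resolver plugin, here is what unravelling a nested chain safely looks like. This is an added example, not part of the original post and not code from any of the tools mentioned: it follows one redirect at a time, stops on a loop, and caps the depth. The hosts and the `SAMPLE_REDIRECTS` table are constructed stand-ins for real shortener responses, and `lookup` and `unravel` are hypothetical names.

```python
from urllib.parse import urljoin

# Constructed redirect table standing in for shortener responses (hypothetical hosts).
SAMPLE_REDIRECTS = {
    "http://short-a.example/1": "http://short-b.example/2",
    "http://short-b.example/2": "http://short-c.example/3",
    "http://short-c.example/3": "http://landing.example/page",
    "http://short-a.example/loop1": "http://short-b.example/loop2",
    "http://short-b.example/loop2": "http://short-a.example/loop1",
    "http://short-a.example/rel": "/1",  # relative Location header
}


def lookup(url):
    """Return the redirect target for url, or None if it does not redirect."""
    return SAMPLE_REDIRECTS.get(url)


def unravel(url, fetch_location=lookup, max_hops=10):
    """Follow redirects hop by hop and return (status, chain).

    status is 'resolved' (chain ends at a non-redirecting URL),
    'loop' (a URL repeated; the repeat is the last chain entry),
    or 'too_deep' (max_hops reached before the chain ended).
    """
    chain = [url]
    seen = {url}
    while True:
        target = fetch_location(chain[-1])
        if target is None:
            return "resolved", chain
        # Resolve relative targets against the URL that issued the redirect.
        target = urljoin(chain[-1], target)
        if target in seen:
            return "loop", chain + [target]
        if len(chain) - 1 >= max_hops:
            return "too_deep", chain
        chain.append(target)
        seen.add(target)


if __name__ == "__main__":
    for start in ("http://short-a.example/1", "http://short-a.example/loop1"):
        status, chain = unravel(start)
        print(status, " -> ".join(chain))
```

A resolver should show the user the whole chain, not just the final URL, and treat `loop` and `too_deep` as reasons not to open the link.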
