-
October 17th, 2002, 07:52 PM
#1
&item%3Dq209354@
http://www.microsoft.com&item%3Dq209354@
Does the URL above redirect you to whatever URL comes after the '@' or does it tunnel the data through microsoft.com- i'm confused...
http://www.microsoft.com&item%3Dq209...antionline.com
Try it for yourself and keep me posted...
yeah, I\'m gonna need that by friday...
-
October 17th, 2002, 07:58 PM
#2
URL 1: the first time: there are no new messages in my box. and then its just white page.
URL 2. antionline home page
just like water off a duck\'s back... I AM HERE.
for CMOS help, check out my CMOS tut?
-
October 17th, 2002, 08:06 PM
#3
i don't think you understood my question?
yeah, I\'m gonna need that by friday...
-
October 17th, 2002, 08:16 PM
#4
You can authenticate users over http.
instead of typing http://<website> like you would normally, you enter
http://<username>:<password>@<website> (this is mostly used for ftp, for example:
ftp://george:dubya@ftp.whitehouse.gov would authenticate usere 'george' with password 'dubya'
Now, if you want to immitate a site, you do this.
username: wvw.microsoft.com/techdir
password: niftyscript
Let's say your site is wvw.mysite.org
You can combine this to:
nttp\\wvw.microsoft.com/techdir:niftyscript@wvw.mysite.org/spoof.html
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
-
October 17th, 2002, 08:26 PM
#5
There is no ":" in the url posted above?
yeah, I\'m gonna need that by friday...
-
October 17th, 2002, 10:42 PM
#6
Gus, I am trying to follow what you are saying with your example and there are a couple of things I am not quite understanding:
1) @ what exactly is that doing, it almost looks like it is in a way redirecting the traffic to the www.mysite.org, not really sure, which is why I am asking
2) should the .com/techdir:niftyscript have been .com\techdir:niftyscript or does it matter?
3) What would be the intended goal of such a URL? Ie, why should I worry if I see something like that in my logs...You have really fired up my curiosity with this...
/nebulus
EDIT: Or please give me a couple of URL's that I can read up on it myself.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 17th, 2002, 11:44 PM
#7
nebulus200 >
The @ sign specifies the that this is a user AT a domian. Think of it like an email address where you have the username part and domain part seperated by an at sign.
In the context of Guus' example above forward slash (/) is part of the username password pair and so is treated as just part of the string. The slash will only work this way because a forward slash (/) would mess up the obfuscation.
Normally you use such a URl to log into a website - it acts exactly the same a a popup authentication window (in that it converts username/pass into Base64 and processes authentication server side).
You could also however play with the url as Guus has done to make it seem to the user that they are linking to the microsoft site when in fact they are linking to the site described after the @ part. In this instance everything before the @ is treated as a username and password for the site designated after the @.
The link http://www.microsoft.com&item%3Dq209...nline.com/</a> is a link to AO, but as AO is not password protected by basic HTTP authentication the site just ignores everything before the @ sign.
Hope that helps - if you want further reading check out the HTTP rfc at w3.org
\"I may not agree with what you say, but I will defend to the death your right to say it.\"
Sir Winston Churchill.
-
October 18th, 2002, 01:01 AM
#8
thanx. i should have thought about that. it's a neat 'trick'. i actually found the URL in another 'AO' thread...
yeah, I\'m gonna need that by friday...
-
October 18th, 2002, 03:53 AM
#9
A big thanks to ntsa and Gus, you learn something new everyday (or at least I try to).
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 18th, 2002, 07:17 AM
#10
welcome
\"I may not agree with what you say, but I will defend to the death your right to say it.\"
Sir Winston Churchill.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|