Main
Monday
Feb152010

Phishing - Mask URL's with ASCII

So let's say you want to send out an e-mail with a link to a nefarious/work-inappropriate site without it being blatantly obvious to the recipient.  Or let's say you're a bottom feeder of the world and want to target hard-working people with a "phishing" e-mail. 

First let's assume the page http://www.ryanboyer.net is a truly evil page.  Perhaps it's an .html mock-up of a popular site's login page (or credit card payment screen), but when users input information into the the fields it doesn't log them in or fulfill their purchase as they expect. It could do any number of things with the data they've revealed - perhaps  e-mailing the site administrator the sensitive data they've just entered into the site.

A lot of recipients nowadays are too tech savvy to simply click on a link to http://www.ryanboyer.net.  Maybe they're clever and hover over the link in the e-mail to see where it's really leading them.  Enter the ASCII character set.

Send them a link to this:

%77%77%77%2E%72%79%61%6E%62%6F%79%45%72%2E%6E%65%74

Go ahead and paste it into the address field of your browser window and it'll bring you to my humble corner of the Internet.  Why?

First a note about ASCII.  ASCII is a numerical code for which the numbers represent basic characters and is widely used in the United States.  Because it ranges from 0 to 127 the character can be stored in seven bits.  Google "ASCII character table" and you'll get an abundance of responses so I won't replicate efforts here.

Feeding these bits into a browser will bring your unsuspecting user to http://www.ryanboyer.net the same as if they had fed this into the address field on their browser to begin with.

If you're not keeping up here's the key:

Again - look to Google to get the complete ASCII table.

If it's a .com domain you could probably get there without the three leading and three trailing characters.

Phishing e-mails leverage this tactic to mask one or more characters in the insidious URL they're trying to get us to click on.  Combine this with the @ sign vulernability in my other phishing post and you could really fool someone into going to an unsafe or inappropriate page.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>