SpoofStick: Protect Yourself From Obscured URLs...

Posted by Dan on Jun 25, 2004 @ 2:35 PM

I was watching a re-run of The Screen Savers today and they had a guest on who showed off a browser toolbar addon called SpoofStick.

The idea behind this toolbar is that it will resolve the actual website you're on and display the name of the server. Some of you may be thinking: "Why is this useful? When I go to a site I know what site I'm on." Or do you?

One of the most commonly used techniques by hackers attempting to gather personal information about users (such as your credit card number or PayPal account) is to send an e-mail that looks official and provides a link to "update your personal information." These messages often look legit, and the websites they take you to often look the way you'd expect them to; however, they're not actually the official website. It's a copy of the site on a hacker-controlled server.

They do this by fooling your eye with a little trick. Take the following URL: http://www.ebay.com@3352955859. At a quick glance, this may look like you're going to eBay's website with some unique id used to track you. However, this is actually a DWORD URL spoof. The site you're actually going to is www.pengoworks.com. The "3352955859" is a DWORD (32-bit integer) representation of the IP address for www.pengoworks.com. The part before the "@" sign is interpreted as login information for www.pengoworks.com and doesn't have anything to do with eBay.

So what this toolbar does is display the actual IP address you're on, which won't be www.ebay.com. If you're running a Mozilla-based browser (like Firefox v0.9+) and this type of spoofing technique is being used, you may get a warning message (you should in the example above). However, this toolbar may still be useful to you as it's a clear visual representation of the site you're on.
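As an added example (my own, not SpoofStick's code), here is a small Python script that does what the toolbar is described as doing: it pulls the real host out of a URL, decodes a DWORD host back into dotted-quad form, and flags any "login information" hiding before the "@". It goes beyond the post's decimal example to the hex and octal spellings of the same trick; the URL below is the one from the post.

```python
import ipaddress
from urllib.parse import urlsplit

# The spoofed URL discussed in the post: eBay-looking userinfo, DWORD host.
SPOOFED_URL = "http://www.ebay.com@3352955859"


def decode_numeric_host(host):
    """Return the dotted-quad form of a numeric host, or None for a normal hostname.

    Browsers accept a single 32-bit integer in place of a dotted IP address,
    written in decimal (3352955859), hex (0xC7DA0BD3) or octal (030766405723).
    """
    try:
        if host.lower().startswith("0x"):
            value = int(host[2:], 16)
        elif host.isdigit() and len(host) > 1 and host.startswith("0"):
            value = int(host, 8)
        elif host.isdigit():
            value = int(host, 10)
        else:
            return None  # looks like a real hostname, nothing to decode
    except ValueError:
        return None
    if value > 0xFFFFFFFF:
        return None  # does not fit in 32 bits, so not a valid IPv4 DWORD
    return str(ipaddress.IPv4Address(value))


def real_destination(url):
    """Report where a URL really connects, the way SpoofStick's display is described.

    The host is whatever follows the last "@" in the authority part; anything
    before it is userinfo (login data) and never influences the destination.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else None
    decoded = decode_numeric_host(host)
    return {
        "connects_to": decoded or host,
        "userinfo": userinfo,
        # Either trick alone is a strong phishing signal.
        "suspicious": userinfo is not None or decoded is not None,
    }


if __name__ == "__main__":
    info = real_destination(SPOOFED_URL)
    print(f"{SPOOFED_URL} -> {info['connects_to']} (userinfo: {info['userinfo']!r})")
```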

For more information on obscuring URLs, see the article "How to Obscure Any URL" over at PC-Help.org. It discusses the techniques I talked about and many more.

Categories: JavaScript, Potpourri, SQL, Personal, Technology, HTML/ColdFusion, Flex/Flash, Java
