{"id":161,"date":"2024-07-22T01:24:37","date_gmt":"2024-07-22T01:24:37","guid":{"rendered":"https:\/\/hacking.cool\/?p=161"},"modified":"2024-09-10T19:18:40","modified_gmt":"2024-09-10T19:18:40","slug":"url-magic","status":"publish","type":"post","link":"https:\/\/hacking.cool\/atomanya\/url-magic\/","title":{"rendered":"URL Magic"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"768\" src=\"http:\/\/hacking.cool\/wp-content\/uploads\/2024\/07\/url_magic.jpg\" alt=\"\" class=\"wp-image-1419\" srcset=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg 1024w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic-300x225.jpg 300w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic-768x576.jpg 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p class=\"has-black-color has-text-color\">I&#8217;ve seen lot of social engineering \/ phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">So lets see how can we trick people into clicking on that link.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\"><a href=\"https:\/\/www.microsoft.com@hacking.cool\">https:\/\/www.microsoft.com@hacking.cool<\/a><\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">Now if you click the above link using Firefox browser &#8211; you will get a notification that you are about to login to hacking.cool as &#8220;www.microsoft.com&#8221;. That&#8217;s essentially the trick. <\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">This is the URL format from the official RFC document:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"714\" height=\"284\" src=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2022\/07\/url_rfc.png\" alt=\"\" class=\"wp-image-243\" style=\"width:714px;height:284px\" srcset=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2022\/07\/url_rfc.png 714w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2022\/07\/url_rfc-600x239.png 600w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2022\/07\/url_rfc-300x119.png 300w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><figcaption class=\"wp-element-caption\">https:\/\/datatracker.ietf.org\/doc\/html\/rfc1738<\/figcaption><\/figure><\/div>\n\n\n<p class=\"has-black-color has-text-color\">Now, there are some reserved characters there, so you can&#8217;t put &#8216;\/&#8217; or &#8216;?&#8217; symbols. However, lets try to find substitutes for them?<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>\/<\/td><td>\u2044<\/td><td>\u0338<\/td><td>\u2215<\/td><td>\u2571<\/td><td>\uff0f<\/td><td>\uff89<\/td><\/tr><tr><td>0x2f<\/td><td>0x2044<\/td><td>0x338<\/td><td>0x2215<\/td><td>0x2571<\/td><td>0xff0f<\/td><td>0xff89<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"has-black-color has-text-color\">Looks pretty! Lets see how our website looks with the addition of the alternative slashes! Also, now that we got our fancy slashes &#8211; we can dress up our URLs a bit more \ud83d\ude42<\/p>\n\n\n\n<a href=\"https:\/\/www.microsoft.com\/en-us\/account\/@hacking.cool\">https:\/\/www.microsoft.com\/en-us\/account\/@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2044en-us\u2044account\u2044@hacking.cool\">https:\/\/www.microsoft.com\u2044en-us\u2044account\u2044@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u0338en-us\u0338account\u0338@hacking.cool\">https:\/\/www.microsoft.com\u0338en-us\u0338account\u0338@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2215en-us\u2215account\u2215@hacking.cool\">https:\/\/www.microsoft.com\u2215en-us\u2215account\u2215@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2571en-us\u2571account\u2571@hacking.cool\">https:\/\/www.microsoft.com\u2571en-us\u2571account\u2571@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\uff0fen-us\uff0faccount\uff0f@hacking.cool\">https:\/\/www.microsoft.com\uff0fen-us\uff0faccount\uff0f@hacking.cool<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\uff89en-us\uff89account\uff89@hacking.cool\">https:\/\/www.microsoft.com\uff89en-us\uff89account\uff89@hacking.cool<\/a><br>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">As you may have noticed, the first link leads to microsoft.com because we use the ordinary &#8216;\/&#8217; slash, however, the other links are looking GOOD! Of course, some look better than the others, but they do point to hacking.cool. And that&#8217;s the trick. <\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">But still&#8230;we got that &#8216;hacking.cool&#8217; &#8211; unsavory name that may upset some folks in a respected society. So what should we do? Lets encode it.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">In an encoded format our &#8216;hacking.cool&#8217; url would look like: %68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/p>\n\n\n\n<a href=\"https:\/\/www.microsoft.com\/en-us\/account\/%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\/en-us\/account\/%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2044en-us\u2044account\u2044%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\u2044en-us\u2044account\u2044%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u0338en-us\u0338account\u0338%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\u0338en-us\u0338account\u0338%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2215en-us\u2215account\u2215%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\u2215en-us\u2215account\u2215%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\u2571en-us\u2571account\u2571%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\u2571en-us\u2571account\u2571%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\uff0fen-us\uff0faccount\uff0f%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\uff0fen-us\uff0faccount\uff0f%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n<a href=\"https:\/\/www.microsoft.com\uff89en-us\uff89account\uff89%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c\">https:\/\/www.microsoft.com\uff89en-us\uff89account\uff89%6b%69%6e%67%2e@%68%61%63%6b%69%6e%67%2e%63%6f%6f%6c<\/a><br>\n\n\n\n<p class=\"has-black-color has-text-color\">Imagine how many people will fall for this. <\/p>\n\n\n\n<p>Here more: \u2041 \u2f03 \u2044 \u2cc6 \u27cb \u30ce \/ \u2571 \u31d3 \u3033 \u1735 \u2215 \u29f8 \ud834\ude3a \u4e3f<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve seen lot of social engineering \/ phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https:\/\/www.microsoft.com@hacking.cool Now if you click the above link using Firefox browser &#8211; you will get a notification<span class=\"post-excerpt-end\">&hellip;<\/span><\/p>\n<p class=\"more-link\"><a href=\"https:\/\/hacking.cool\/atomanya\/url-magic\/\" class=\"themebutton\">Read More<\/a><\/p>\n","protected":false},"author":3,"featured_media":1419,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>URL Magic - hacking.cool<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hacking.cool\/atomanya\/url-magic\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"URL Magic - hacking.cool\" \/>\n<meta property=\"og:description\" content=\"I&#8217;ve seen lot of social engineering \/ phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https:\/\/www.microsoft.com@hacking.cool Now if you click the above link using Firefox browser &#8211; you will get a notification&hellip;Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hacking.cool\/atomanya\/url-magic\/\" \/>\n<meta property=\"og:site_name\" content=\"hacking.cool\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-22T01:24:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-10T19:18:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"768\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Atom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Atom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#website\",\"url\":\"https:\/\/hacking.cool\/atomanya\/\",\"name\":\"hacking.cool\",\"description\":\"is the hacking school \ud83d\udc69\ud83c\udffb\u200d\ud83d\udcbb\ud83e\uddd1\ud83c\udffb\u200d\ud83d\udcbb\ud83d\uddfa\ud83d\udcda\ud83d\udcd6\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hacking.cool\/atomanya\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/#primaryimage\",\"url\":\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg\",\"contentUrl\":\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg\",\"width\":1024,\"height\":768},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/\",\"url\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/\",\"name\":\"URL Magic - hacking.cool\",\"isPartOf\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/#primaryimage\"},\"datePublished\":\"2024-07-22T01:24:37+00:00\",\"dateModified\":\"2024-09-10T19:18:40+00:00\",\"author\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2\"},\"breadcrumb\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hacking.cool\/atomanya\/url-magic\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/url-magic\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hacking.cool\/atomanya\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"URL Magic\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2\",\"name\":\"Atom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g\",\"caption\":\"Atom\"},\"url\":\"https:\/\/hacking.cool\/atomanya\/author\/atom\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"URL Magic - hacking.cool","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hacking.cool\/atomanya\/url-magic\/","og_locale":"en_US","og_type":"article","og_title":"URL Magic - hacking.cool","og_description":"I&#8217;ve seen lot of social engineering \/ phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https:\/\/www.microsoft.com@hacking.cool Now if you click the above link using Firefox browser &#8211; you will get a notification&hellip;Read More","og_url":"https:\/\/hacking.cool\/atomanya\/url-magic\/","og_site_name":"hacking.cool","article_published_time":"2024-07-22T01:24:37+00:00","article_modified_time":"2024-09-10T19:18:40+00:00","og_image":[{"width":1024,"height":768,"url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg","type":"image\/jpeg"}],"author":"Atom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Atom","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/hacking.cool\/atomanya\/#website","url":"https:\/\/hacking.cool\/atomanya\/","name":"hacking.cool","description":"is the hacking school \ud83d\udc69\ud83c\udffb\u200d\ud83d\udcbb\ud83e\uddd1\ud83c\udffb\u200d\ud83d\udcbb\ud83d\uddfa\ud83d\udcda\ud83d\udcd6","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hacking.cool\/atomanya\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hacking.cool\/atomanya\/url-magic\/#primaryimage","url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg","contentUrl":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg","width":1024,"height":768},{"@type":"WebPage","@id":"https:\/\/hacking.cool\/atomanya\/url-magic\/","url":"https:\/\/hacking.cool\/atomanya\/url-magic\/","name":"URL Magic - hacking.cool","isPartOf":{"@id":"https:\/\/hacking.cool\/atomanya\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hacking.cool\/atomanya\/url-magic\/#primaryimage"},"datePublished":"2024-07-22T01:24:37+00:00","dateModified":"2024-09-10T19:18:40+00:00","author":{"@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2"},"breadcrumb":{"@id":"https:\/\/hacking.cool\/atomanya\/url-magic\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hacking.cool\/atomanya\/url-magic\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hacking.cool\/atomanya\/url-magic\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hacking.cool\/atomanya\/"},{"@type":"ListItem","position":2,"name":"URL Magic"}]},{"@type":"Person","@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2","name":"Atom","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g","caption":"Atom"},"url":"https:\/\/hacking.cool\/atomanya\/author\/atom\/"}]}},"jetpack_featured_media_url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/url_magic.jpg","_links":{"self":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/comments?post=161"}],"version-history":[{"count":33,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/161\/revisions"}],"predecessor-version":[{"id":1420,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/161\/revisions\/1420"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/media\/1419"}],"wp:attachment":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/media?parent=161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/categories?post=161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/tags?post=161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}