thouse fake cnn (etc) pages

Goodshape

I suppose this is a webmaster-ish question.

how do you make thouse fake cnn pages? ..you know, the ones that look like there on cnn.com, but actualy point to some1's ip or webserver?

Bard

I'd imagine it's a case of setting up a password protected site, with a user named "www.cnn.com" with a password of "80". Then the URL to get to that web site by http would be something along the lines of:

http://www.cnn.com:80@123.123.123.123/

(where 123.123.123.123 is the IP address of your web server.

Just add a few 'realistic looking' subdirectories to this and yer off.

e.g.:

http://www.cnn.com:80@123.123.123.123/EU/Domestic/Finance/1122203.html

ya dig?

Puck

AFAIK there's no need to go setting up accounts or password protected areas on sites (but then again Bard would probably know more about this than me)

eg:
www.puck.ie@www.boards.ie will just take you to Boards.ie. I'm sure it can't be too different for IP Addresses.

Bard

Originally posted by Puck
AFAIK there's no need to go setting up accounts or password protected areas on sites (but then again Bard would probably no more about this than me)

eg:
[url=http://www.puck.ie@www.boards.ie/]www.puck.ie@www.boards.ie[/url] will just take you to Boards.ie. I'm sure it can't be too different for IP Addresses.

Puck, when anonymous access is allowed, then you can still use a username (ANY username) to connect... with or without a password... and it wont make a jot of difference.

For example... I just came up with this:

http://www.completebunchofarse.ie@193.120.248.4/

give it a click and see what you get

Goodshape

i dig. cheers bard.

...but then again, i see what your on about puck... i dig that too...

phaxx

No users, just put something before the real hostname/IP.

http://www.cnn.com@www.YORE-MA-NEWS.com/fancy/subdirectories/YOREMA.html

It's best to put the IP, because most people don't have a clue, and are used to seeing numbers and funny symbols in URLs, but if you use the IP, you can't put the page on a vhost[1], it has to be the main site, the main thing, the thing. I dunno the term for it.

[1]: Virtual Hosts, where the browser gives the name of the domain it's looking for to the server, and the server responds with the appropriate site. When you specify an IP address, this doesn't happen. (no "Host: " header sent)

Puck

LOL

Dammit you quoted my spelling mistake before i corrected it - "Bard would no more about this than me". Ah well it comes from writing too many txts and trying to save space etc.

Anyway... so the am I right in thinking whole user-name part of the URL is useless unless you have special accounts set up on the site?

So then anyone could set up some space on their own website that looks like the URL from, say, CNN by using the user name www.cnn.com, their IP address and directories that look like the directories that a site like CNN might use.

phaxx

Well no, since the user doesn't exist there, it's just ignored and treated normally.

[edit]I mean, the user doesn't exist and the page the browser is looking for isn't restricted, so it treats it normally[/edit]

Puck

Maybe I should have rephrased that. Basically what I was saying is that the whole user-name part is usless unless there are any special accounts set up. I tend to confuse the point in my posts.

phaxx

Nope.

The username part is there because it's the only way of putting some text into the beginning of the url to fool the user without breaking something.

ObeyGiant

For added realism, it's probably best if you don't use IP addresses.
For example, in http://www.someurl.com@127.0.0.1/somepage.html the IP address stands out a little, but there is a trick to getting around it.
We'll use 194.145.128.36 (www.iol.ie) as an example.
* Open a scientific calculator program (Windows - start calculator, and choose "view -> scientific")
* Put in the first part of the IP (in this case, 194) and press the "Hex" button.
* This should give you the first part in Hex - in our example, C2
* Write this down
* Repeat for three remaining parts of IP address (145 - 91, 128 - 80, 24)
* Switch your calculator to "Hex", and put in the completed Hex string (C2918024)
* Press the "Dec" button, and this will give you a string of numbers (in the example - 3264315428)

This is the IP in Decimal. This will work in most (standards-compliant (read: not netscape 4.*)) browsers, and looks a lot less suspicious than an IP address.

Bard

eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/ - but thanks for explaining where those unusual addresses come from.

dahamsta

eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/

Not when it's in a URL like http://www.whitehouse.gov@3264315428/ though, which I reckon was the point.

but thanks for explaining where those unusual addresses come from.

Yeah, web addresses should be (it's dependant on the browser supporting standards of course) accessible from a variety of mathematical representations of the IP address, including hex, and I think binary too.

adam

ObeyGiant

Originally posted by Bard
eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/ - but thanks for explaining where those unusual addresses come from.

Written like that, they do, but when mixed with what's already been explained above, the fact that there's an IP address doesn't "pop out" at you. As a matter of fact, it looks almost like one of those man random session IDs that many sites (such as CNN) use.

eg.
http://www.cnn.com@3264315428/somepage.html
compared to
http://www.cnn.com@194.145.128.36/somepage.html

Puck

Sorry I did it again!

What I meant by "useless" is that it doesn't make any difference in where the user is actually taken to. But yeah it still could be used to fool the user.

I'm gonna shut up now before I confuse myself. Whether ye understand me or not I think I should just leave it at that. I don't think any of us are in disagreement here and Goodshape's question has been answered.

I'll get me coat.

dahamsta

Lemme see if I can clear this up: Puck was trying to clarify that there doesn't need to be any particular configuration on the server-side for this. If HTTP_AUTH is turned on, then the username:password combination passed to the webserver throught the HTTP protocol will have to authenticate, i.e. it will have to match up with whatever method is used to validate it on the server side. If it isn't though, the username or username:password combination will simply be ignored and passed-through by the webserver.

There you go, security through obscurity!

adam

Bard

pfft.

Just use Opera and it'll warn you if you're about to be taken to one of these addresses...

e.g.:



and it rocks for so much else too

smoke.me.a.kipper

binary addresses wont work for me

Puck

Originally posted by dahamsta
Lemme see if I can clear this up: Puck was trying to clarify that there doesn't need to be any particular configuration on the server-side for this. If HTTP_AUTH is turned on, then the username:password combination passed to the webserver throught the HTTP protocol will have to authenticate, i.e. it will have to match up with whatever method is used to validate it on the server side. If it isn't though, the username or username:password combination will simply be ignored and passed-through by the webserver.

There you go, security through obscurity!

adam

Bingo!!!!

dahamsta

Just use Opera and it'll warn you if you're about to be taken to one of these addresses...

Oooh, it does an' all. Clever.

and it rocks for so much else too

Yeah yeah, you'd marry Opera if it was a woman, yadda yadda...

adam