Both URL addresses lie.

URL, that is, "Uniform Resource Locators", indicates a Uniform Resource locator. The URL in the address bar is an expression of my URL. Basically, all the friends who visit the website will use me, so my role is very great. Maybe many of my friends don't know, but I am very deceiving. In particular, a group of people who claim to be hackers really like me to cheat you. If you don't pay attention, let me take you into the webpage where Trojans are implanted. So today, I want to boldly expose myself to the short, so that you can see me clearly. Never be cheated by hackers.

Lie: the common pattern of URL Spoofing

There are many ways to trick people into using my URLs, such as initiating a tempting website name or dropping out of a bag of easily mixed letters and numbers for bank phishing, there are also full-blown Unicode codes such as "% 30% 50. However, the most common trick to cheat me is the following two:

1. @ sign filter username resolution

The @ flag is the separator between the user name of the e-mail address and the host, but it is also applicable in my URL and has the same functions. HTTP (Hypertext Transfer Protocol) specifies that the complete URL format is "Http: // Name: Password @ IP address or host Name". The "IP address or host Name" is required. @ Indicates "Name: Password" in front of it, indicating "User Name: Password", which is optional. That is to say, in my URL, the URL that really plays a parsing role starts after the @ sign, which is the spoofing principle.

For example, a QQ friend sent you a said there is a large free download address "Http: // www.sohu.com@www.Trojan.com.cn/HuiGeZi_Server.exe", you dare to go to the point? Indeed, it looks like a link to the "www.sohu.com" Sohu website. In fact, "www.sohu.com" here is only a user name written as a Sohu website (the password here is blank ), because there is a @ sign next to it. The URL of the actual link is "www.trojan.com.cn/huigezi_server.exe" (for better understanding, I have fabricated a trojan website with the" gray pigeon "server under it). Trojans will be planted if you click it. The sent URL address is equivalent to "Http: // response. Even if you do not have this user name, it does not affect the browser's URL resolution. If you do not believe it, just in the address bar casually write a like "Http: // abcdefg@www.sohu.com" and then try again, or still enter the Sohu site.

2. IP address in decimal format

A common IP address consists of four bytes, which are generally expressed as "xxx. xxx" (x represents a decimal number), for example, "61.135.132.12 ". Because Pure Digital IP addresses are too abstract and hard to remember, Domain Name Service DNS is used to match them. In the address bar of your browser, you can enter "Http: // www.sohu.com" and "Http: // 61.135.132.12" to access the Sohu website because 61.135.132.12 is the IP address of www.sohu.com. However, if you try "Http: // 1032291340" again, the results will certainly surprise many people, because they still open the Sohu website!

Why is a decimal number "1032291340" equivalent to an IP address "61.135.132.12? As a matter of fact, I have already hinted at it. The four-point decimal IP Address "61.135.132.12" represents a group of 32-bit binary numbers. If they are combined and converted into a decimal number, the answer is 1032291340. The conversion method is very simple, that is, the number system is expanded by right: 12 × 2560 + 132 × 2561 + 135 × 2562 + 61 × 2563 = 12 + 33792 + 8847360 + 1023410176 = 1032291340 (the base is 256, that is, 28 ).

After understanding this, let's look back at "www.trojan.com.cn/huigezi_server.exe.pdf" in the preceding example ". If such a letter domain name will expose a fox tail, convert the corresponding IP address (for example, "61.135.132.13") into a decimal number and the result is 1032291341, combined with the @ flag to filter users' parsing, the spoofing goes up the next step-Http: // www.sohu.com @ 1032291341. At this time, how many people will suspect that this URL is not Sohu?

Prevention: Check source code to prevent URL Spoofing

I still have a lot to do with URL spoofing (typically self-defeating), but you can still prevent it. In fact, to deal with these malicious web pages that use my URLs to spoof people, you only need one simple trick to work, that is, to view the source code of the web page. Of course, this requires the ability to read Web code.

Suppose someone sends you a URL -- Http: // www ........ If you do not know whether it is URL spoofing, you only need to enter "View-Source: Http: // www ........ Com "and press Enter. The system will call notepad to open the source code of the webpage. The next step is to search for it (you can use the "Edit> Search" menu) whether it is like Format or whether there is <iframe src = "ww ........ Htm "name = "...... "Width =" 0 "height =" 0 "frameborder =" 0 ">. If yes, access is denied.