internal Posted March 1, 2015 Share Posted March 1, 2015 Okay I have seen about about on websites with a masked link say it may have the url followed by at the end #!listen/cr2r is there anyway of finding the true link for use in a program say for instance nikto ? Thanks Quote Link to comment Share on other sites More sharing options...
digip Posted March 1, 2015 Share Posted March 1, 2015 (edited) Masked urls like a URL shortner to see where it redirects to? Not sure with nikto, but you can always paste one into http://validator.w3.org/ to see the final redirected URL's or use wget to script a fake scan and ignore the download but keep a debug log to view all the links it 301/302 redirects through. Could be scripted to automate inline and show the output in a console without having to use a browser to visit a malicious link, but I like using http://validator.w3.org/ since it doesn't require giving up your IP to do the lookup. * http://validator.w3.org/ also lets you look at the source code of the final site so you can check it for malicious code. Edited March 1, 2015 by digip Quote Link to comment Share on other sites More sharing options...
internal Posted March 1, 2015 Author Share Posted March 1, 2015 Thankyou digip I am familiar with validator.w3.org will check that out. Quote Link to comment Share on other sites More sharing options...
digininja Posted March 1, 2015 Share Posted March 1, 2015 If you don't mind the destination knowing where you came from you could use my HTTP Traceroute tool which will follow all redirects and give you full information from each one. http://digi.ninja/projects/http_traceroute.php Nikto won't help you with this as it is a static scanner, it looks at the URL you gave it and tests for known issue. It will probably tell you if it is a redirect and the next hop but if you are looking at these as used maliciously then they often use multiple hops so won't get to the end. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.