Saturday, December 24, 2011

bit.ly - find out what the real url is before visiting

This looks like a pretty innocuous link. Kinda like one you might see on twitter, facebook, etc


FreindOfMine1: Check out this new blah blah blah music video - https://bitly.com/4rzEF4



Wouldn't it be nice to see where the link actually goes without visiting it first? For bit.ly, it's easy. Just add a plus sign to the end of it. If we visit https://bitly.com/4rzEF4+, we see it actually links to http://ha.ckers.org/xss.js. Not a harmful script...but it could be.




Happy safe browsing ; ).


Note: I just stumbled across http://untiny.me, which works for more sites than just bit.ly.
Post a Comment