
Shortened URL - Security Risk or Rewards

URL Shortening

Shortened URLs offer several benefits and play a vital role in digital marketing by transforming a lengthy URL into a short, simple one that can be shared on social media, blogs, emails and more.

It is a technique that redirects the short URL to a specific website of your choice.

However, the short URLs produced by services like bit.ly and goo.gl can be brute-forced.

Searching random shortened URLs could yield all sorts of secret documents. In addition, many short links can be edited after creation, and their destinations can be infected with malware.

The image below depicts the redirection technique used by shortened URLs.

Security implication

Most URL-shortening domains are trusted by firewalls, web filters and spam-blocking tools, and other security analysis solutions fail to detect the real destination of the URL. This makes it difficult to identify links that lead to malicious destinations.

Risk Statement

Current State or Condition:
  Short URLs are frequently used on social networks like Twitter, Facebook and Telegram. Because there is an inherent trust that the link is legitimate, there is a high probability that users will click without taking into account the security risk they might be exposed to, since the user cannot see the original URL the browser will be redirected to.

Consequence:
  Users may be tricked into visiting malicious web sites, allowing a successful URL redirection attack that compromises the user's system.


CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Possible Control
  1. Configure your appliance to perform URL filtering on shortened URLs: retrieve the actual URL behind the shortened one and inspect the web content at that destination.
  2. Enable a detective control by recording the short URL together with the expanded original URL, and generate appropriate alerts for further security incident analysis and management.
  3. Conduct reputation analysis by configuring your content filters with appropriate URL reputation rules and the actions to take on malicious URLs.
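Controls 1 and 2 above can be automated. The following is an added example (not code from the original post): it expands a shortened URL hop by hop with HEAD requests that never auto-follow, records the whole chain, checks the final host against a blocklist (an assumed, locally maintained set), treats redirect loops and over-long chains as suspicious, and emits a log line carrying both the short and the expanded URL. The network call is injectable, and the redirect map at the bottom is a constructed stand-in so the script runs offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

MAX_HOPS = 5  # assumed policy limit; unusually long chains are themselves a signal

class _NoRedirect(urllib.request.HTTPRedirectHandler):  # surface 3xx as HTTPError
    def redirect_request(self, *args, **kwargs):
        return None

def head_no_follow(url):
    """One HEAD request: (status, Location or None), never following the redirect."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=5) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def expand_short_url(url, fetch=head_no_follow, max_hops=MAX_HOPS):
    """Follow redirects hop by hop; returns (chain, 'ok' | 'loop' | 'too_many_hops')."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain, "ok"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "too_many_hops"

def assess(short_url, blocked_hosts, fetch=head_no_follow):
    """Expand, decide allow/block, and log short + expanded URL for later analysis."""
    chain, reason = expand_short_url(short_url, fetch)
    host = (urlparse(chain[-1]).hostname or "").lower()
    verdict = "block" if reason != "ok" or host in blocked_hosts else "allow"
    log = f'short_url="{short_url}" final_url="{chain[-1]}" hops={len(chain) - 1} reason={reason} verdict={verdict}'
    return verdict, chain, log

# Constructed redirect map standing in for the network so the example runs offline.
FAKE_REDIRECTS = {
    "https://short.example/abc": (301, "https://tracker.example/r?x=1"),
    "https://tracker.example/r?x=1": (302, "/landing"),
    "https://tracker.example/landing": (302, "https://evil.example/login"),
    "https://evil.example/login": (200, None),
    "https://short.example/loop": (302, "https://short.example/loop2"),
    "https://short.example/loop2": (302, "https://short.example/loop"),
}
def fake_fetch(url):
    return FAKE_REDIRECTS.get(url, (404, None))
```

In production, call `assess(url, blocked_hosts)` without the third argument so the real `head_no_follow` is used, and ship the returned log line to your SIEM.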
How to validate a short URL

There are a number of ways you can reveal the full URL behind a shortened URL:
  1. Use the shortening service's preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
  2. Use a URL checker. These are just a few of the sites that let you enter a short URL and then see the full URL:
