[156278] in North American Network Operators' Group
Re: HXXP browser protocol
daemon@ATHENA.MIT.EDU (Sean Harlow)
Thu Sep 13 17:28:34 2012
From: Sean Harlow <sean@seanharlow.info>
In-Reply-To: <CABgOHgsL6rWY6UGMGPszVmhHdhZLGuWJZ_mSxRrdmawzn7PXig@mail.gmail.com>
Date: Thu, 13 Sep 2012 17:27:37 -0400
To: Landon Stewart <lstewart@superb.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Fur further reference, wiki gives the following reasons for hxxp or =
other similar methods of URL obfuscation:
Some of the uses of this method include:
* to avoid passing the HTTP referrer header which would reveal the =
referring web site to the target.
* avoiding automated web crawlers from following the links. While =
effective, legitimate web crawlers can be avoided through the use of a =
robots exclusion standard on the target web site. To avoid advancing the =
search engine rank of the target web site, nofollow attributes can be =
used instead.
* to bypass overzealous link spam protection in, for example, blog =
comments.
* for making sure that a user doesn't accidentally click on a =
potentially harmful link, in applications that automatically recognize =
links in plain text. Examples of this include "not safe for work" links.
* to avoid an application from downloading unwanted files, like =
advertisements or a malware. The method is directly change all 'http' to =
'hxxp' in specific uncompressed .exe or .swf files with a hex editor.
---
Sean Harlow
sean@seanharlow.info=
