[CrackMonkey] break privacy
Drew Bloechl
drew at sith-lord.org
Wed Mar 29 08:57:44 PST 2000
On Wed, Mar 29, 2000 at 01:24:24AM -0800, Monkey Master wrote:
> Within a single site, state may be maintained by generating dynamic
> URLs that include session identification either within the hostname
> (http://d9128309812.crackmonkey.org/) or path
> (http://crackmonkey.org/d213213213/faq.html). However, this does not
> allow tracking between sites and causes a significant loss of
> functionality because URLs cannot be shared between users or
> bookmarked.
Something I'd like to see with those sites that use GET (*cough*
mapquest *cough*) for cut-and-paste-able URLs is packed arguments (to
coin a term). Just take all the arguments, run them through zlib,
and that in turn through base64.
Now you have a nice (hopefully shorter) query string that can be
unpacked and redirected to the real URL.
Possibly useful for bookmarking POST CGIs too.
--
Drew Bloechl
drew at sith-lord.org
More information about the Crackmonkey
mailing list