Open e1abrador opened 3 days ago
Hello @e1abrador, Thank you very much for your contribution to the URL Validation Bypass Cheat Sheet. I'll think about your suggestion how to improve IPv4 notations. Not sure, I can implement all possible combinations, because of the performance issue. However, some of then can be added, for example Class A Encoding.
Hi,
I understand the performance issue, an alternative on that, you could create like a "calculator" that each time the user click the regenerate button, the encoded IPv4 address will change to a random one, using a different encoding for each octet.
Hi,
On my Burp extension "Encode IP" i showed different IPv4 notations, here are some examples:
Actually, it's possible to ping these different notations in the CMD and they are valid:
But it is also possible to generate different combinations using a different encoding on each IPv4 octet, something like this:
0x7f.0.000000000001
is a combination of theClass B Encoding
,Hex Encoding v1
andOctal Encode with 0s
. This open a big possibility of bypass backend blacklists/regexes. My idea is not to show all these possibilities on the web page because there are a lot, the idea would be implementing an option to download different combination possibilities in a raw text file or something similar, so the user can work with them.