How to reverse a shortened URL with a single command on GNU/Linux

Remember that old saying: if you don’t know the source, don’t click it? With all these new URL shortening services, that advice seems to have been thrown out the window. As a result, evildoers are embracing the technology to disguise their malware sites behind shortened URLs.

This is obviously effective, as a URL like hxxps:// would have a much easier time getting past your spam filter than, say, something like hxxp://h4x0r.tld/inject.aspx

So why are goliaths like Microsoft and Google using shortened URLs, one might ask? Well, since they are nice enough to give us short and sweet URLs, we’ll let them track us, profile us and give us better targeted ads in return, a fair trade or what…

Anyhow, the technology behind a shortened URL is just a standard URL redirection, so by examining the HTTP header, it’s entirely possible to identify the “long URL” that a service is pointing to.

By using cURL we can fetch the HTTP header by querying a shortened URL. The answering server will then reveal the actual targeted URL.

Microsoft News twitter account

Microsoft News using

Microsoft is using the (Sprinklr) service on their Twitter account; let's use the shortlink as an example.

curl -I

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache,no-store,must-revalidate
Cache-control: no-cache="set-cookie"
Content-Type: text/html;charset=UTF-8
Date: Mon, 08 Jun 2015 18:27:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Sprinklr

Let's break it down by examining two rather self-explanatory fields from the reply:

  1. HTTP/1.1 301 Moved Permanently:
    This part means exactly what it says, the URL has been moved and we should follow the new location provided by this server.
  2. Location:
    The actual URL the server is instructing us to use instead of the original shortlink.

When clicking a shortened URL, your browser will automatically perform the instructed steps to navigate you to the designated target. Next time around though, why not inspect the URL with cURL beforehand?
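
As an added example (not part of the original post), the shell functions below wrap the `curl -I` check and print only the status code and the `Location` value of a redirect reply. The function names and the `short.example` / `long.example` sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a shortlink redirects without following it.

# parse_redirects: read raw HTTP response headers on stdin (as printed by
# `curl -sI`) and print "<status> <target>" for each 3xx response.
parse_redirects() {
  awk '
    { sub(/\r$/, "") }                  # HTTP headers end in CRLF; drop the CR
    /^HTTP\// { status = $2; next }     # status line: remember the code
    status ~ /^3/ && tolower($0) ~ /^location:/ {
      sub(/^[^:]*:[ \t]*/, "")          # strip the header name, keep the value
      print status, $0
    }
  '
}

# expand_url: send one HEAD request to the shortener only. Redirects are
# not followed, so the target host is never contacted.
expand_url() {
  curl -sI --max-time 10 --proto '=http,https' --url "$1" | parse_redirects
}

# Constructed sample response (hypothetical hosts). The header name is
# lower-case on purpose: HTTP header names are case-insensitive.
sample_headers() {
  printf 'HTTP/1.1 301 Moved Permanently\r\n'
  printf 'Server: short.example\r\n'
  printf 'location: https://long.example/landing?id=1\r\n\r\n'
}

if [ "$#" -gt 0 ]; then
  expand_url "$1"
else
  sample_headers | parse_redirects   # offline demo on the constructed sample
fi
```

No output means the server did not answer with a 3xx status and a `Location` header.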

Curl - Fetch the HTTP-header only


Roger Comply