Today, while browsing Twitter as usual, I found a simple tool which can convert an IP address into integer, hexadecimal, octal or IPv6 form.
Here is the post about it: https://amp.kitploit.com/2018/12/ip-obfuscator-simple-tool-to-convert-ip.html?amp=1&m=1
And the GitHub repository: https://github.com/C-REMO/Obscure-IP-Obfuscator
As a beginner, I want to make sense of it. Obviously, it is easy to comprehend.
Example
Use 127.0.0.1 as an example
RegEx Part
The RegEx part looks like this:
for match in re.finditer(r'((?P<a>\d+)\.)((?P<b>\d+)\.)((?P<c>\d+)\.)'
                         r'(?P<d>\d+)', ip):
The only thing that I am not familiar with is ?P<a>
Oh, I guess it means that the matched content is given the name 'a'.
So, what exactly does it mean?
Looking at Python's documentation, it says:
‘’’
(?P<name>…)
Similar to regular parentheses, but the substring matched by the group is accessible via the symbolic group name name. Group names must be valid Python identifiers, and each group name must be defined only once within a regular expression. A symbolic group is also a numbered group, just as if the group were not named.
Named groups can be referenced in three contexts. If the pattern is (?P<quote>['"]).*?(?P=quote)
(i.e. matching a string quoted with either single or double quotes):
Context of reference to group “quote” | Ways to reference it |
---|---|
in the same pattern itself | (?P=quote) (as shown) \1 |
when processing match object m | m.group('quote') m.end('quote') (etc.) |
in a string passed to the repl argument of re.sub() | \g<quote> \g<1> \1 |
‘’’
So it is just like regular parentheses, but the matched substring can also be accessed by its name.
Obfuscation
In this part, we will treat an IP address as a.b.c.d, and the results of the conversions will be called R1, R2, R3...
1. Look at the normal conversion
[+] http://2130706433
[+] http://0x7f000001
[+] http://017700000001
It converts 127.0.0.1 to integer, hexadecimal and octal.
So, for the integer:
R1 = a*(2**8)**3 + b*(2**8)**2 + c*(2**8) + d
R2 = hex(R1)
R3 = oct(R1)
Extra:
You may notice that there is no 'o' in the octal value. Python 3's oct() returns a string that starts with '0o', and the author uses re.sub('o', '', string) to remove the 'o'.
2. Convert each 8-bit part separately
[+] http://0177.00.00.01
[+] http://00000000177.000000000.000000000.000000001
[+] http://0x7f.0x0.0x0.0x1
[+] http://0x000000007f.0x000000000.0x000000000.0x000000001
R4 and R5 are OCT;
R6 and R7 are HEX.
Okay, there seems to be nothing more to say.
3. Mixed conversion of INT and HEX
[+] http://0x7f.0x0.0x0.1
[+] http://0x7f.0x0.0.1
[+] http://0x7f.0.0.1
[+] http://127.0x0.0x0.0x1
[+] http://127.0.0x0.0x1
[+] http://127.0.0.0x1
Nothing to say here either.
4. Mixed conversion of INT and OCT
[+] http://0177.00.00.1
[+] http://0177.00.0.1
[+] http://0177.0.0.1
[+] http://127.00.00.01
[+] http://127.0.00.01
[+] http://127.0.0.01
Nothing to say here either (x2).
5. Mixed conversion of INT, HEX and OCT, or fusion of the two parts in the middle
[+] http://0x7f.0x0.1
[+] http://0x7f.1
[+] http://0177.00.1
[+] http://0177.1
[+] http://0x7f.00.1
[+] http://0177.0x0.1
6. To IPv6
[+] http://::ffff:7f000001
[+] http://0:0:0:0:0:ffff:7f000001
[+] http://0000:0000:0000:0000:0000:ffff:7f000001
[+] http://0000:0000:0000:0000:0000:ffff:127.0.0.1
The prefix
::ffff:
or ::0:0:0:0:0:ffff:
or ::0000:0000:0000:0000:0000:ffff:
or ::0000:0000:0000:0000:0000:ffff:
is merged with the OCT of the IP which you input, or with the IP exactly as you input it.
Summary
What can we learn from it?
First, the RegEx.
Second, the ways to convert an IP address to bypass things such as a WAF.
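
The reverse direction is what a filter needs: reduce every form listed above to one canonical dotted-decimal address before comparing it against a block list or allow list. The sketch below is an added example, not code from the tool or its author; the names canonical_ipv4, _part and SAMPLES are hypothetical, and it assumes the component that finally uses the host parses IPv4 literals the way inet_aton does (1 to 4 parts, each decimal, 0x hex or leading-0 octal).

```python
import ipaddress
import re

# One inet_aton-style part: 0x.. is hex, a leading 0 is octal, otherwise decimal.
_PART = re.compile(
    r"(?:0[xX](?P<hex>[0-9a-fA-F]+)|(?P<oct>0[0-7]*)|(?P<dec>[1-9][0-9]*))\Z")

def _part(text):
    m = _PART.match(text)
    if m is None:
        raise ValueError(f"not a valid address part: {text!r}")
    for name, base in (("hex", 16), ("oct", 8), ("dec", 10)):
        if m.group(name) is not None:
            return int(m.group(name), base)

def canonical_ipv4(host):
    """Return the dotted-decimal IPv4 address that a host literal denotes.

    Raises ValueError for anything that is neither an IPv4 literal nor a
    valid IPv4-mapped IPv6 literal.
    """
    host = host.strip("[]")
    if ":" in host:
        # Python rejects 8-digit groups such as ::ffff:7f000001 as invalid IPv6.
        mapped = ipaddress.IPv6Address(host).ipv4_mapped
        if mapped is None:
            raise ValueError(f"not an IPv4-mapped address: {host!r}")
        return str(mapped)
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"too many parts: {host!r}")
    *head, last = [_part(p) for p in parts]
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        raise ValueError(f"part out of range: {host!r}")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

# Constructed sample input: forms taken from the lists above, all meaning 127.0.0.1.
SAMPLES = [
    "2130706433", "0x7f000001", "017700000001", "0177.00.00.01",
    "00000000177.000000000.000000000.000000001", "0x7f.0x0.0.1",
    "127.0.00.01", "0x7f.1", "0177.0x0.1",
    "0000:0000:0000:0000:0000:ffff:127.0.0.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:45} -> {canonical_ipv4(sample)}")
```

Compare the returned string, not the raw host, against the filter rules, and treat a ValueError as "not an IP literal" so the host goes through the normal hostname checks instead.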