[12.24] A simple tool to obfuscate IP addresses

Today, while browsing Twitter as usual, I found a simple tool that can convert an IP address into integer, hexadecimal, octal or IPv6 form.
Here is the post about it: https://amp.kitploit.com/2018/12/ip-obfuscator-simple-tool-to-convert-ip.html?amp=1&m=1
And the GitHub repository: https://github.com/C-REMO/Obscure-IP-Obfuscator
As a beginner, I want to make sense of it. Obviously, it is easy to comprehend.

Example

Use 127.0.0.1 as an example.

RegEx Part

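The RegEx part looks like this:

import re
for match in re.finditer(r'((?P<a>\d+)\.)((?P<b>\d+)\.)((?P<c>\d+)\.)'
                         r'(?P<d>\d+)', ip):
    # loop body added for illustration: the named groups hold the four octets
    a, b, c, d = (int(match.group(n)) for n in 'abcd')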

The only thing I am not familiar with is ?P<a>.
I guess it means that the matched content is given the name 'a'.
So what exactly does it mean?
According to Python's documentation:
‘’’
(?P<name>…)
Similar to regular parentheses, but the substring matched by the group is accessible via the symbolic group name name. Group names must be valid Python identifiers, and each group name must be defined only once within a regular expression. A symbolic group is also a numbered group, just as if the group were not named.

Named groups can be referenced in three contexts. If the pattern is (?P<quote>['"]).*?(?P=quote) (i.e. matching a string quoted with either single or double quotes):

Context of reference to group "quote": ways to reference it
in the same pattern itself: (?P=quote) (as shown), \1
when processing match object m: m.group('quote'), m.end('quote') (etc.)
in a string passed to the repl argument of re.sub(): \g<quote>, \g<1>, \1

‘’’
So it is just like regular parentheses, but the matched group can also be referenced by name.

Obfuscation

In this part, we will treat an IP address as a.b.c.d, and the conversion results will be called R1, R2, R3, ...

1. Look at the normal conversion

[+] http://2130706433
[+] http://0x7f000001
[+] http://017700000001

It converts 127.0.0.1 to integer, hexadecimal and octal.
So, for the integer:
R1 = a*256**3 + b*256**2 + c*256 + d
R2 = hex(R1)
R3 = oct(R1)

Extra:
You may notice that there is no 'o' in the octal value; the author uses re.sub('o', '', string) to remove the 'o'.

2. Convert each 8-bit part separately

[+] http://0177.00.00.01
[+] http://00000000177.000000000.000000000.000000001
[+] http://0x7f.0x0.0x0.0x1
[+] http://0x000000007f.0x000000000.0x000000000.0x000000001

R4 and R5 are octal;
R6 and R7 are hexadecimal.
Okay, it seems there is nothing more to say.

3. Mixed conversion of INT and HEX

[+] http://0x7f.0x0.0x0.1
[+] http://0x7f.0x0.0.1
[+] http://0x7f.0.0.1
[+] http://127.0x0.0x0.0x1
[+] http://127.0.0x0.0x1
[+] http://127.0.0.0x1

Nothing to say here either.

4. Mixed conversion of INT and OCT

[+] http://0177.00.00.1
[+] http://0177.00.0.1
[+] http://0177.0.0.1
[+] http://127.00.00.01
[+] http://127.0.00.01
[+] http://127.0.0.01

Nothing to say here either, again.

5. Mixed conversion of INT, HEX and OCT, or fusion of the two middle parts

[+] http://0x7f.0x0.1
[+] http://0x7f.1
[+] http://0177.00.1
[+] http://0177.1
[+] http://0x7f.00.1
[+] http://0177.0x0.1

6. To IPv6

[+] http://::ffff:7f000001
[+] http://0:0:0:0:0:ffff:7f000001
[+] http://0000:0000:0000:0000:0000:ffff:7f000001
[+] http://0000:0000:0000:0000:0000:ffff:127.0.0.1

The prefix ::ffff:, 0:0:0:0:0:ffff: or 0000:0000:0000:0000:0000:ffff: is merged either with the hex form of the IP you input (7f000001 above) or with the IP exactly as you input it.

Summary

What can we learn from it?
First, the RegEx.
Second, the way to convert an IP address to bypass something, such as a WAF.
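
For the defending side of that second point, a filter has to decide on the address a host string denotes, not on how it is spelled. The following is an added example, not code from the tool or the original post: it normalizes the forms listed in sections 1 to 5 back to a dotted quad before checking them (the function names are assumptions, the sample list is copied from the output above, and the IPv6 forms in section 6 are not handled).

```python
import ipaddress

# Host forms printed in sections 1-5 above; all are spellings of 127.0.0.1.
SAMPLES = ["2130706433", "0x7f000001", "017700000001", "0177.00.00.01",
           "0x000000007f.0x000000000.0x000000000.0x000000001",
           "0x7f.0.0.1", "127.0.00.01", "0x7f.1", "0177.0x0.1"]

def parse_part(text):
    """One component, inet_aton style: 0x.. is hex, a leading 0 is octal, else decimal."""
    t = text.lower()
    if t.startswith("0x"):
        digits, base = t[2:], 16
    elif len(t) > 1 and t.startswith("0"):
        digits, base = t[1:], 8
    else:
        digits, base = t, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError(f"bad component: {text!r}")
    return int(digits, base)

def normalize_ipv4(host):
    """Return the canonical dotted quad for a 1 to 4 component host string."""
    values = [parse_part(p) for p in host.split(".")]
    if len(values) > 4:
        raise ValueError("too many components")
    # Leading components are one byte each; the last fills the remaining bytes.
    if any(v > 0xFF for v in values[:-1]):
        raise ValueError("leading component out of range")
    if values[-1] >= 1 << (8 * (5 - len(values))):
        raise ValueError("last component out of range")
    number = values[-1]
    for i, v in enumerate(values[:-1]):
        number |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(number))

def naive_is_loopback(host):
    """Plain string comparison on the spelling of the host."""
    return host.startswith("127.")

def is_loopback(host):
    """Decide on the normalized address instead of the spelling."""
    return ipaddress.ip_address(normalize_ipv4(host)).is_loopback

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:50} naive={naive_is_loopback(h)!s:5} normalized={is_loopback(h)}")
```

The string check recognizes only one of the nine sample spellings, while the normalized check recognizes all of them.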
