Tuesday, July 8, 2014

Using Punycode and Special Characters as Protection from Automated Systems: drunycode

1. Its been a while since I have posted anything on here, so I figured I would give some details on my latest projects that I posted on Github. You can see it here:

So, in essence what it is is a method to protect content delivery networks, code libraries, and image files from ddos software and penetration testing software (vulnerability scanners). Basically software written in a shell script or in C will have a hard time understanding unicode characters... especially software designed to work with or use valid urls. So basically, by using punycode (Internationalized Domain Names) to make your code libraries (all your external scritps, files, etc) in a IDN subdomain, you make it so that these scanners can't understand that they are real urls.

I have taken it a step further by adding special characters into the file names. This gets tricky, because some systems don't recognize certain characters in filenames, but many characters are pretty universally acceptable... for example all~my_java^script-code.js should work pretty universally, but also help encrypt the urls against potential automated attacking systems.

Altogether I call the method of encoding the urls and files: Drunycode

2. Since I realize I haven't posted much about my github projects on here I'll go ahead and talk about some of my shell scripts:

The one above is a heroku toolbelt installer for fedora. Basically, I was having trouble installing heroku's toolbelt on fedora, so I rewrote the bash installer for it. Mainly the problem was because fedora uses "yum install" instead of the "apt-get install" that debian-ubuntu uses. Another issue was with the ssh key. But for all purposes, the installer works if you are using fedora, red hat, opensuse, or centos.

In closing, here is a thought for the day: Why can the US government seize websites, ISP's shut down internet service for traffic is doesn't approve of, and domain providers shut down a site because it doesn't meet their expectations - BUT when a group of individuals shut down a site in protest (a constitutional right) it becomes illegal?

1 comment: