Expanding Shortened URLs With PowerShell

Shortened URLs are generated by services such as Bitly or TinyURL, and they take a long address and turn it into something like https://tinyurl.com/ycwcj8xd.

These are legitimate services as some URLs can be truly horrific but they are also often abused to disguise malicious addressees, or tracking and affiliate parameters that you may not wish to entertain. Often you simply want to see what site you’re being taken to before clicking on a link.


Let’s check it out:


Open your PowerShell as administrator and type:

function ExpandURL([string]$URL) {
    (Invoke-WebRequest -MaximumRedirection 0 -Uri $URL -ErrorAction SilentlyContinue).Headers.Location
}

▸ Type the commands below:

Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url>
(Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url> -ErrorAction SilentlyContinue).Headers

Let’s see it in action:

PS C:\> expandurl https://tinyurl.com/ycwcj8xd
https://www.stenge.info

The way these services work is through HTTP redirects, the browser takes you to the shortened URL, the service returns a HTTP 301 (Moved Permanently), and provides the actual URL in the return header which your client then follows. We can get in the middle of this process by telling PowerShell not to follow redirects using the -MaximumRedirection 0 option with Invoke-WebRequest, and then retrieving the real address from the headers.






31 views0 comments

Recent Posts

See All

LibreNMS

LibreNMS is an open source, powerful and feature-rich auto-discovering PHP based network monitoring system which uses the SNMP protocol. It supports a broad range of operating systems including Linux,

Vulmap – Web Vulnerability

Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions.

Vigenere Cipher

Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form of polyalphabetic substitution. A polyalphabetic cipher is any cipher based on substitution, using multiple substitutio