• Diniz Martins

Expanding Shortened URLs With PowerShell

Shortened URLs are generated by services such as Bitly or TinyURL, and they take a long address and turn it into something like https://tinyurl.com/ycwcj8xd.

These are legitimate services as some URLs can be truly horrific but they are also often abused to disguise malicious addressees, or tracking and affiliate parameters that you may not wish to entertain. Often you simply want to see what site you’re being taken to before clicking on a link.


Let’s check it out:


Open your PowerShell as administrator and type:

function ExpandURL([string]$URL) {
    (Invoke-WebRequest -MaximumRedirection 0 -Uri $URL -ErrorAction SilentlyContinue).Headers.Location
}

▸ Type the commands below:

Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url>
(Invoke-WebRequest -MaximumRedirection 0 -Uri <your_short-url> -ErrorAction SilentlyContinue).Headers

Let’s see it in action:

PS C:\> expandurl https://tinyurl.com/ycwcj8xd
https://www.stenge.info

The way these services work is through HTTP redirects, the browser takes you to the shortened URL, the service returns a HTTP 301 (Moved Permanently), and provides the actual URL in the return header which your client then follows. We can get in the middle of this process by telling PowerShell not to follow redirects using the -MaximumRedirection 0 option with Invoke-WebRequest, and then retrieving the real address from the headers.






29 views0 comments

Recent Posts

See All

Ping & Send WhatsApp Message

In this post we will show you how to create a ping monitoring tool and send the result message to your phone using WhatsApp. First you need to enable a developer mode on you Excel to make it works. No

Browser Extensions

You know what software your target is running but how do you determine what vulnerabilities it has? The whole point of l earning a target technology stack is so you can use this information to find as

NMAP | Essential Commands

Nmap or Network Mapper is undoubtedly the best reconnaissance tool used by modern penetration testers. This open-source application has come a long way since its inception and proved to be a game-chan