HXXP browser protocol

Sean Harlow sean at seanharlow.info
Thu Sep 13 21:27:37 UTC 2012

Fur further reference, wiki gives the following reasons for hxxp or other similar methods of URL obfuscation:

Some of the uses of this method include:
* to avoid passing the HTTP referrer header which would reveal the referring web site to the target.
* avoiding automated web crawlers from following the links. While effective, legitimate web crawlers can be avoided through the use of a robots exclusion standard on the target web site. To avoid advancing the search engine rank of the target web site, nofollow attributes can be used instead.
* to bypass overzealous link spam protection in, for example, blog comments.
* for making sure that a user doesn't accidentally click on a potentially harmful link, in applications that automatically recognize links in plain text. Examples of this include "not safe for work" links.
* to avoid an application from downloading unwanted files, like advertisements or a malware. The method is directly change all 'http' to 'hxxp' in specific uncompressed .exe or .swf files with a hex editor.
Sean Harlow
sean at seanharlow.info

More information about the NANOG mailing list