
Shrturl: Faking the web since 1942 - priteshjain
http://shrturl.co/
======
gone35
It seems it's been shut down already [1] --apparently after threats of legal
action. I can see though how such a site would easily become a major liability
honeypot for anyone.

[1] [http://t.co/ctKD8VcLpp](http://t.co/ctKD8VcLpp)

~~~
sharth
Note that this is faked a page using the tools that this site offers.

That is, the site is not shutting down.

~~~
billmalarky
Come on man, really?

------
jawns
I think a lot of us have come up with variations on this idea over the years.
(I know I have. The holy grail is surreptitiously installing a Greasemonkey
script on a co-worker's computer, so that the URL is the real URL.)

But what's changed in the last year or two is that people are now much more
familiar with URL shortener links. Every major media site is using them, and
just about everybody understands what their purpose is.

I can totally see how someone who would spot a phishing page from a mile away
because of the strange URL might overlook the fact that a URL shortener
doesn't actually redirect you to the legit page, but rather presents a spoofed
version.

~~~
makmanalp
There's this kind of prank too:
[https://chrome.google.com/webstore/detail/ncage/hnbmfljfohgh...](https://chrome.google.com/webstore/detail/ncage/hnbmfljfohghaepamnfokgggaejlmfol?hl=en)

------
roryokane
An example of a link to a GitHub page:
[http://shrturl.co/VUYHJ](http://shrturl.co/VUYHJ). (Original:
[https://github.com/mozilla/rust/issues/14657](https://github.com/mozilla/rust/issues/14657)
.)

I see that SHRTURL deleted the page title, which users might also notice – but
it’s better than keeping the original title, which would now be wrong. SHRTURL
also can’t handle GitHub’s custom font with which they render their icons, so
the site logo is missing. And you are logged out in the linked page, which is
pretty visible, but there’s no way SHRTURL could get around that.

~~~
allochthon
The OP's site is really clever. Your Github page shows that it significantly
lowers the barrier to MTM attacks. I wonder what ways there are to protect
users against this kind of spoofing.

~~~
eli
Check the URL bar carefully?

~~~
valarauca1
Indeed, an actual link shortener would show github.com/yada/yada/yada. Since
it only redirects you. Notice shrturl.co doesn't.

------
jxf
Unsophisticated journalists routinely fall for Onion articles getting picked
up as actual news items.

I can only wonder how often they're going to get pranked by something that
really does look like a news site but for a subtle change.

~~~
gedrap
Oh yeah. What amuses me even more is people finding a link to Onion-style blog
post and not realising that it's parody/sarcasm/whatever (e.g. Swedish House
Mafia is sued by Swedish Mafia for copyright infringement).

Sometimes I point that out, and usually get a response "how do you know it's
not real? do you know all the news of the world?". People like that make me
believe in the trolling power of this tool.

~~~
iak8god
You might like this:
[http://literallyunbelievable.org/](http://literallyunbelievable.org/)

------
iamthepieman
This is pretty funny and well done - but doesn't a real short url just
redirect to the original so you end up with the full url in your browser bar?

Of course we all know how much attention most people pay to what their browser
is telling them.

~~~
kndyry
Well, and given recent UI changes to the address bar from both Apple [0] and
Google [1] - I'd say that people will begin paying even less attention to
URLs.

Trolls rejoice.

[0] [http://appleinsider.com/articles/14/06/04/os-x-yosemite-
firs...](http://appleinsider.com/articles/14/06/04/os-x-yosemite-first-look-
safari-8-smart-search-advanced-tab-controls-more)

[1] [http://www.zdnet.com/google-experimenting-with-hiding-
urls-i...](http://www.zdnet.com/google-experimenting-with-hiding-urls-in-
chrome-7000029068/)

~~~
orthecreedence
Removing [http://](http://) from the url was bad enough. Now they are going to
only show the domain? I'm so glad I don't use chrome anymore. It's this kind
of obnoxious "we know better than you and won't let you configure otherwise"
bullshit that made me hate it.

~~~
Justsignedup
Even if it was customizable, the defaults is something most people don't
change.

Case and point: IE Toolbars. People hate them but never remove them. Ever.
Even as those toolbars are making their browser take minutes to load any page.

~~~
BrandonLive
That used to be true, but these days IE is pretty aggressive about disabling
things, and telling you when they're slowing you down. Doesn't help everyone
but seems to help some.

------
bitdestroyer
If you're feeling particularly nefarious, run the URL that Shtrurl.co gives
you through often used and more readily "trusted" shorteners like bit.ly or
tinyurl.com.

------
dopamin3
Here's one (Amazon's new phone, title from a /r thread):
[http://shrturl.co/Wme7K](http://shrturl.co/Wme7K)

~~~
mVChr
Dying here, nice start to the morning, thanks

------
jacquesm
We had one of these posted earlier today about AH buying YC:

[https://news.ycombinator.com/item?id=7851238](https://news.ycombinator.com/item?id=7851238)

~~~
Dragonai
I'm the one who wrote that. :) It was meant to be a joke to get some twitch
reactions out of a few friends, but apparently spread like wildfire.

TechCrunch reached out earlier this morning. They are not happy with me.

~~~
jacquesm
Apologies for flagging it but it looked good enough that I thought some real
damage might come of it. YC being implicated in a thing like that would have
looked really bad.

You really shouldn't have used a real persons by-line there, that made it much
more believable. Still, kudos for the prank, it _was_ funny, especially the
insane valuation.

~~~
Dragonai
Oh I wasn't the one who submitted it to HN, I really only meant for it to
deceive my friends, haha. I understand though! Fine by me.

And thanks! Glad you enjoyed it. I've resolved it with the reporter in
question, we're all good.

------
chrisweekly
PaaS? (Phishing as a Service)?

Yikes.

~~~
notahacker
[http://shrturl.co/b8K5E](http://shrturl.co/b8K5E)

------
InclinedPlane
One suggestion. Put an annoying top menu / banner up and pretend to load the
target content in a frame. There are some url shorteners / sites that do that
sort of thing. To a lot of people it will be annoying, but it will hide the
fact that they're not actually being served from the target web site.

------
dmix
Tried it on hacker news: [http://shrturl.co/AtYui](http://shrturl.co/AtYui)

~~~
valarauca1
Fun FF29.0.1 (windows 7) doesn't apply I'm guessing link CSS so everything is
bright blue links looks really fake. Refreshed the page a few times to check,
it stayed.

~~~
owenversteeg
Nah, it's also on Chromium on Arch. It looks like (via the requests panel)
it's not loading news.css for some reason, even though it's in the source.

------
mavus
Anything from shrturl.co appears to be blocked at work for me. So I guess we
already don't trust it.

------
chm
Error:

    
    
        Warning: file_get_contents() [function.file
        get-contents]: php_network_getaddresses: getaddrinfo
        failed: Name or service not known in /nfs/c04/h02/mn
        /180736/domains/shrturl.co/html/create.php on line 18
    
        Warning: file_get_contents(http://gnehmeh)
        [function.file-get-contents]: failed to open stream:
        php_network_getaddresses: getaddrinfo failed: Name or
        service not known in /nfs/c04/h02/mnt/180736/domain
        /shrturl.co/html/create.php on line 18

------
MichaelAza
This is really funny, but some points for improvement:

1\. The editing UI is a bit shaky, for example - not handling links that
great.

2\. It doesn't replicate a site perfectly (This shows even on simple sites
like HN)

3\. If you click on a link you go back to the original site.

A modest proposal for improvement - check out TOMODO
API.([http://tomodo.com/api/](http://tomodo.com/api/)).

Their site allows for exactly this kind of modification but, being a
commercial startup, is much more polished. They already solved problems 2 and
3 for you and you can use that tech through the API.

------
flurpitude
Bitdefender Free Edition blocks [http://shrturl.co/](http://shrturl.co/) (says
it's phishing) but doesn't block
[http://shrturl.co/AtYui](http://shrturl.co/AtYui) or other short URLs
generated with the site. Seems like pretty poor logic.

------
calbear81
I can think of a nefarious way to use this: Amazon.com price matching at brick
and mortar stores like Target.

Step 1 - Find a product you want to buy

Step 2 - Shorten it and change the price manually to a "believable" number

Step 3 - Go into Target and show the price to a customer service agent
(usually not tech saavy) and they will see that it looks like Amazon.

Step 4 - Profit???

------
Aoyagi
Well, every shortened URL I want to access goes through
[http://unshort.me/](http://unshort.me/) . Not only I don't like surprises,
but I also hate being tracked for no reason and I'm hoping unshort.me doesn't
send everything their way anyway.

------
randunel
Gotta` prepare for HN dude...

Warning: mysqli::mysqli() [mysqli.mysqli]: (42000/1203): User db180736 already
has more than 'max_user_connections' active connections in
/nfs/c04/h02/mnt/180736/domains/shrturl.co/html/inc/bootstrap.php on line 18

~~~
moontear
Not only that. Gotta prepare to never show messages like this. User 'db180736'
is a bit too much information for the outside world.

------
chris_mahan
I just make my own urls look correct, easy, and easy to type (not 988
characters of goop).

------
jedisct1
Tech from 1942...

Warning: mysqli::mysqli() [mysqli.mysqli]: (42000/1203): User db180736 already
has more than 'max_user_connections' active connections in
/nfs/c04/h02/mnt/180736/domains/shrturl.co/html/inc/bootstrap.php on line 18

Warning: mysqli::real_escape_string() [mysqli.real-escape-string]: Couldn't
fetch mysqli in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on
line 6

Warning: mysqli::query() [mysqli.query]: Couldn't fetch mysqli in
/nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on line 7

Fatal error: Call to a member function fetch_object() on a non-object in
/nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on line 9

------
priteshjain
TNW article [http://thenextweb.com/dd/2014/06/05/shrturl-co-youll-
never-t...](http://thenextweb.com/dd/2014/06/05/shrturl-co-youll-never-trust-
shortener/)

------
gioele
Reminds me of the great prank vaticano.org in 1998:
[http://0100101110101101.org/vaticano-
org/](http://0100101110101101.org/vaticano-org/)

A real piece of art.

------
Paul-Troll
[http://tinyur1.co](http://tinyur1.co) is a better alternative, don't you
think?

------
DesaiAshu
Could turn this into a way for marketers to tweak a page before sending out an
email or social media blast

~~~
unfunco
It could but should not. A better product for that might be Optimizely, where
you can use your actual URL. However, I once worked with an extremely
obsessive owner of a business and she sat by me each time I made any changes
to the copy on the website to make sure it flowed correctly when in situ, I
would have sent this to her to make my life a little easier had it existed
back then.

------
Paul-Troll
[http://tinyur1.co](http://tinyur1.co) is the alternative!

------
gregimba
[http://shrturl.co/lwqKm](http://shrturl.co/lwqKm)

------
DogeDogeDoge
Opens world for kid phishers :)

Almost good, but no images (tried with google.com)

------
martin-adams
Lost all my work due to pressing the backspace key :(

------
retube
This is awesome!

------
verticalflight
Takes rickrolling to a whole new level.

------
good-citizen
really well done and funny. i like this power.

------
windowsuser
[http://shrturl.co/q93wy](http://shrturl.co/q93wy)

