Is anyone familiar with a URL format like the ones below?

https://www.facebook.com@www.cigital.com
https://www.facebook.com:@www.cigital.com

As you can see from visiting these URLs, you will be navigated to https://www.cigital.com/ instead of https://www.facebook.com.

Can someone shed some light on the URL format and why the www.facebook.com part is truncated?

unor
yasi

1 Answer

It's an HTTP authentication scheme to send an authorization header along with a request.

https://<username>:<password>@domain.com

If no authentication is required, it is usually effectively the same as an ordinary GET request to https://domain.com.

A URL like https://www.facebook.com@www.cigital.com/ looks like phishing to me; it was made to intentionally deceive someone into believing the destination was somewhere at facebook.com but actually led to someplace else.

sytech
According to https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Syntax, a generic URI is of the form: scheme:[//[user:password@]host[:port]][/]path[?query][#fragment] – yasi Oct 27 '16 at 01:55
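
An added example (not part of the original question or answer): a link check that uses the standard WHATWG URL parser to separate the userinfo from the real host and flags URLs whose userinfo is shaped like a hostname, as in the two URLs from the question. The function names, the hostname-shape regex and the samples marked "constructed" are assumptions made for illustration.

```javascript
// Added example, not from the original answer.
// Assumption: userinfo shaped like dot-separated labels ending in an
// alphabetic TLD is treated as "looks like a hostname" (a heuristic).
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Percent-decode userinfo; malformed escapes are returned unchanged.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s;
  }
}

// Report where a link really goes and whether its userinfo imitates a host.
function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { valid: false, host: null, username: "", hasUserinfo: false,
             deceptive: false, stripped: null };
  }
  const username = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";
  const host = url.hostname; // the server the browser actually contacts
  const deceptive = HOSTLIKE.test(username) &&
    username.toLowerCase() !== host.toLowerCase();
  // Same URL with the credentials removed, for safe display or logging.
  url.username = "";
  url.password = "";
  return { valid: true, host, username, hasUserinfo, deceptive, stripped: url.href };
}

// The two URLs from the question plus constructed samples.
const SAMPLES = [
  "https://www.facebook.com@www.cigital.com",
  "https://www.facebook.com:@www.cigital.com",
  "https://www%2Efacebook%2Ecom@www.cigital.com/", // constructed
  "https://alice:s3cret@domain.com/",               // constructed
];
for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(`${s} -> host=${r.host} userinfo=${r.hasUserinfo} deceptive=${r.deceptive}`);
}
```

Displaying or logging the `stripped` form and the parsed `host` shows the destination without the misleading prefix.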