ObfuscatorRelik v1.0 Released!

Initial release of my Obfuscator Relik! I still need to test it, but I figured I might as well release the code.

This simple Java applet will use a few URL obfuscation methods to mask a URL. This isn’t meant to be anything earth shattering, but maybe useful. It does more than basic URL encoding (although it does that). Some of its obfuscation methods include:

-IP-to-Dword/Hex/Octal coversions
-Masking via credentials portion of URL
-Partial IP masking
-Large number IP addressing (although this doesn’t work on all browsers).
-Salted versions of the previous
-More…

The jar includes the source of the Obfuscation class. I built it to be portable for usability in other applications. I hope its useful for people. It is theoretically capable of bypassing WebSense and other filters.

In the future look forward to a Chrome/Firefox extension that will automate the the obfuscation on the fly while browsing.

Also, When I have some time ill try to build a Java browser that bypasses filters by not passing headers.

I enjoyed writing the tool. I am going to try and host it as an integrated applet on the blog; but as of now I have not figured out how to upload the jar onto wordpress. So currently, you can find the complete code here on sourceforge:

ObfuscatorRelik.jar

I will also paste the Obfuscator class here:


import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;

/*
* I was originally going to create this class using an Application Controller. However,
* I figured that this class could eventually be used as a separate class integrated into other projects.
* In those cases, having a static method would be better suited without having to create an object. Also,
* because the actual obfuscation is pretty simple, the time loss wont be too bad.
*
* I may regret this choice in the future, but as of now it suits me. However, my Java professor might be disgusted.
*/

//TODO: Fix the try/catches for all of the hex/dword/octal conversions
//TODO: allow for trailing pages "www.whatever.com/whatever/whatever"
//TODO: Domain in hex format

public class Obfuscator {

public static final int LEVELS_OF_OBFUSCATION = 8;
public static final int DEFAULT_RANDOM_SIZE = 8;
public static final String ALPHABET="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
public static final String SALT = "http://www.google.com";
public static HashMap encoder = fillEncoder();



public static String obfuscate(int oLevel, String lastObfuscation, String originalUrl) {

switch (oLevel) {

case 1:
try {
return obfuscateToIp(originalUrl);
} catch (UnknownHostException e) {
e.printStackTrace();
return "FAILED: Could Not Resolve to IP";
}

case 2:
return obfuscateToLogin(originalUrl, DEFAULT_RANDOM_SIZE);

case 3:
try {
String[] otv = obfuscateToIpVariants(originalUrl);
return " Dword:" + otv[0] + "\n"
+ " Hex:" + otv[1] + "\n"
+ " Octal:" + otv[2] + "\n";
} catch (UnknownHostException e) {
e.printStackTrace();
return "FAILED: Could not Resolve to IP for conversion!";
}

case 4:
try {
return obfuscateToLargeDottedDec(originalUrl);
} catch (UnknownHostException e1) {
e1.printStackTrace();
return "FAILED: Could not Resolve to IP for conversion!";
}

case 5:
try {
String[] otg = obfuscateToSaltedVariants(originalUrl, SALT, false);
return " Dword:" + otg[0] + "\n"
+ " Hex:" + otg[1] + "\n"
+ " Octal:" + otg[2] + "\n";
} catch (UnknownHostException e) {
e.printStackTrace();
return "FAILED: Could not Resolve to IP for conversion!";
}

case 6:
try {
return obfuscateToEncodedCharacters(originalUrl);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
return "FAILED: Improper encoding";
}

case 7:
try {
String[] otg = obfuscateToSaltedVariants(originalUrl, SALT, true);
return " Dword:" + otg[0] + "\n"
+ " Hex:" + otg[1] + "\n"
+ " Octal:" + otg[2] + "\n";
} catch (UnknownHostException e) {
e.printStackTrace();
return "FAILED: Could not Resolve to IP for conversion!";
}

case 8:
try {
return obfuscateToIpDwordPartial(originalUrl) + "\n"
+ obfuscateToIpDwordPartial(originalUrl, SALT, false) + "\n"
+ obfuscateToIpDwordPartial(originalUrl, SALT, true);
} catch (UnknownHostException e) {
e.printStackTrace();
return "FAILED: Could not Resolve to IP for conversion!";
}
}
return "FAILED/INVALID";

}

/*
*
* Dword obfuscation
*
*/

public static Integer ipToDword(String target) throws UnknownHostException{
String[] ip = InetAddress.getByName(target.replaceFirst("https?://", "")).getHostAddress().split("\\.");
return (Integer)((Integer.parseInt(ip[0]) * 256 + Integer.parseInt(ip[1])) * 256 + Integer.parseInt(ip[2])) * 256 + Integer.parseInt(ip[3]);
}

public static String obfuscateToIpDword(String target) throws UnknownHostException{
return "http://" + ipToDword(target).toString();
}
public static String obfuscateToIpDword(String target, String salt, boolean b) throws UnknownHostException{
String marker = "@";
if(b){
marker = "%40";
}
return obfuscateToIpDword(target).replace("://", "://" + salt + marker);
}

public static String obfuscateToIpDwordPartial(String target)throws UnknownHostException{
String[] ip = InetAddress.getByName(target.replaceFirst("https?://", "")).getHostAddress().split("\\.");
return "http://" + ip[0] + "." + ip[1] + "." + (Integer) Integer.parseInt(ip[2]) * 256 + Integer.parseInt(ip[3]);

}

public static String obfuscateToIpDwordPartial(String target, String salt, boolean b)throws UnknownHostException{
String marker = "@";
if(b){
marker = "%40";
}
return obfuscateToIpDwordPartial(target).replace("://", "://" + salt + marker);
}

/*
*
* Hex Obfuscation
*
*/
public static String obfuscateToIpHex(String target)throws UnknownHostException{
return "http://" + Long.toHexString(ipToLong(target));
}

//TODO: Should look like "0xCE.0xBF.0x9E.0x37 OR 0xCeBF9e37 OR 0x9A3F0800CEBF9E37
public static String obfuscateToIpHex(String target, String salt, boolean b)throws UnknownHostException{
String marker = "@";
if(b){
marker = "%40";
}
return obfuscateToIpHex(target).replace("://", "://" + salt + marker);
}

//TODO:
/*
*public static String obfuscateToIpHexPartial(String target)throws UnknownHostException{
* return "";
*
*}
*
*public static String obfuscateToIpHexPartial(String target, String salt)throws UnknownHostException{
* return "";
*
*}
*/

/*
*
* Octal Obfuscation
* NOTE: Make sure these return values with leading '0's
*/
public static String obfuscateToIpOctal(String target)throws UnknownHostException{
String[] ip = InetAddress.getByName(target.replaceFirst("https?://", "")).getHostAddress().split("\\.");
StringBuilder result = new StringBuilder();
for(int i = 0; i < ip.length ; i++){
result.append(Integer.toOctalString(Integer.parseInt(ip[i])));
}

return "http://&quot; + result.toString();
}

public static String obfuscateToIpOctal(String target, String salt, boolean b)throws UnknownHostException{
String marker = "@";
if(b){
marker = "%40";
}
return obfuscateToIpOctal(target).replace("://", "://" + salt + marker);
}

/*
* TODO:
*public static String obfuscateToIpOctalPartial(String target) throws UnknownHostException{
* return "";
*}
*
*public static String obfuscateToIpOctalPartial(String target, String salt) throws UnknownHostException{
* return "";
*}
*/

/*
*
* Random obfuscation techniques
*
*/

// Most basic, simply resolves the IP address
public static String obfuscateToIp(String target) throws UnknownHostException{
try {
return "http://&quot; + InetAddress.getByName(target.replaceFirst("https?://", "")).getHostAddress();
} catch (UnknownHostException e) {
e.printStackTrace();
throw e;
}
}

//Prepends random characters in the login portion of the http request
public static String obfuscateToLogin(String target, int length){
return target.replace("://", "://" + generateRandomString(length) + "@" );
}

public static String[] obfuscateToIpVariants(String target) throws UnknownHostException{
try {
String[] result = {obfuscateToIpDword(target)
, obfuscateToIpHex(target)
, obfuscateToIpOctal(target)};
return result;
} catch (UnknownHostException e) {
e.printStackTrace();
throw e;
}
}

//Adds 256 to each octet of the IP address. Standard handling should drop everything beyond the 8th bit, thus resolving to
//its normal value.
//May be depricated in most browsers
public static String obfuscateToLargeDottedDec(String target)throws UnknownHostException{
String[] ip = InetAddress.getByName(target.replaceFirst("https?://", "")).getHostAddress().split("\\.");
StringBuilder result = new StringBuilder();
for(int i = 0; i < ip.length; i++){
result.append((Integer.parseInt(ip[i])+256)+ ".");
}
return result.toString();
}

// Encodes the URL
//
//ex: http://%57%57%57.%50%43%47%55%49%44%45.%43%4F%4D
public static String obfuscateToEncodedCharacters(String target) throws UnsupportedEncodingException{
StringBuilder result = new StringBuilder("http://&quot;);
char[] targetAsChar = target.replace("http://&quot;, "").toLowerCase().toCharArray();
for(int i = 0; i < targetAsChar.length; i++){
result.append(encoder.get(targetAsChar[i]));
}
return result.toString();
}

//Prepends http://www.google.com or another salt to the dword/hex/octal version of target IP address
//
//ex: http://www.google.com@/
public static String[] obfuscateToSaltedVariants(String target, String salt, boolean b) throws UnknownHostException{
try {
String[] result = {obfuscateToIpDword(target,salt, b)
, obfuscateToIpHex(target,salt, b)
, obfuscateToIpOctal(target,salt, b)};
return result;
} catch (UnknownHostException e) {
e.printStackTrace();
throw e;
}
}

/*
*
* Utility methods for helping with obfuscation
*
*/

//Creates a random string of numbers and characters
public static String generateRandomString(int size){
int character;
int count = 0;
StringBuilder randomString = new StringBuilder();

do {
character=(int)(Math.random()*62);
randomString.append(ALPHABET.substring(character, character+1));
count++;
} while (count = 0; i--) {
result |= (Long.parseLong(ip[3 - i]) << (i * 8));
}
return result & 0xFFFFFFFF;
}

//There has GOT to be a better way to do this
private static HashMap fillEncoder(){
encoder = new HashMap();
String[] encoded = {"%61","%62","%63","%64","%65","%66","%67","%68","%69","%6A","%6B","%6C","%6D","%6E","%6F","%70","%71","%72","%73","%74","%75","%76","%77","%78","%79","%7A","%31","%32","%33","%34","%35","%36","%37","%38","%39","%30","%2D","/","."};
char[] key = {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0','-','/','.'};
for(int i = 0; i < encoded.length; i++){
encoder.put(key[i], encoded[i]);
}
return encoder;
}
}

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: