Hide php extension for social engineering purpose

First thoughts when see these url :
http://www.mydomain.com/about.pl

this site use perl

http://www.mydomain.com/about.cfm

this site use cfm

http://www.mydomain.com/about.htm

http://www.mydomain.com/about.html

then you might think about ordinary htm/html file

is it true?

the answers are : maybe yes and maybe no 🙂

how about this?

http://www.mydomain.com/about.exe

http://www.mydomain.com/about.us

whats? new language for web

yeah, that’s my first impression till I know about this apache directive on httpd.conf :

AddType application/x-httpd-php .php

You can add extension as much as you can, depends on requirements;

for promotion purpose : .mycompanyname for file extension

or using :

.htm .html .asp .jsp for social engineering purpose

just add

AddType application/x-httpd-php .php .mycompanyname .cocacola .pepsi

AddType application/x-httpd-php .php .htm .html .asp .jsp

save the file (httpd.conf) and restart your apache

voila!

You are U 🙂

Learning On Demand