How do competitors steal cloaked pages?

         

Friday

5:15 pm on Feb 20, 2002 (gmt 0)

10+ Year Member



How do competitors steal cloaked pages meant only for certain Search Engine IP addresses???!!!

Do they need to forge their IP addresses? Can't you only do that by bouncing off the actual SE server? Serious kraker stuff???

Air

5:22 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You can't steal cloaked pages that are being served based on IP address. However, if they are being served by User Agent then it is possible to make the script give up the cloaked page. All that is required is a browser that allows you to change User Agents or a script that retrieves the page using a User Agent; you then simply specify the agent of the search engine you want to pretend to be.

Key_Master

5:25 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>>You can't steal cloaked pages that are being served based on IP address.

Sure you can. The trick is knowing how to make a search engine feed you the contents of a cloaked page.

Air

5:34 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>The trick is knowing how to make a search engine feed you the contents of a cloaked page.

That's very different from seeing a page not intended for you where the cloaking is well done. I'm not talking about cached stuff here; I'm talking about getting any page for any search engine that is being served by IP address.

Key_Master

5:51 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Air, I wasn't referring to any cache. In fact, I have decloaked the site listed in your profile before (just for fun!). I must admit, the spidered content was a very fair representation of the content fed to the visitor (e.g. stripping the excess HTML and sticking to text).

Friday

6:00 pm on Feb 20, 2002 (gmt 0)

10+ Year Member



KeyMaster wrote:

>>>Sure you can. The trick is knowing how to make a search engine feed you the contents of a cloaked page.

Well, that would be a handy trick to know.

I detect IP address using PHP4 and match it against a database of known Spiders. If I have a match, a "special" page is shown. Care is taken that titles and meta tags are the same on the "cloaked" page and the real page so as not to raise suspicion.

Tell me, KeyMaster...
Do you know how this is done? (viewing pages cloaked by IP address)?

Thanks,
Friday

Air

6:43 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> I have decloaked the site listed in your profile before

er ... ok.

Actually the site behind the visible one is my old site, many images, html and all, but you probably didn't see the graphics using a spider.

Brett_Tabke

2:43 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Handing out decloaking tricks isn't something I'd really enjoy reading here. We've done it a few times, and regretted both.

volatilegx

7:51 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I sure would like some information, Brett. Not to do it, but to protect against it. I was under the impression that it couldn't be done, unless you count accessing a cache somewhere. If it can be done, what good does hiding the information do?

seth_wilde

7:57 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"but to protect against it"

Make sure you don't feed translator spiders the cloaked pages.

Black Knight

8:04 pm on Feb 20, 2002 (gmt 0)

10+ Year Member



> You can't steal cloaked pages that are being served based on IP address

Sadly this is not true. You can't legally do it, but then again, you can't legally steal either, can you?

IP spoofing is illegal (in some countries but not all), but is common enough in hacker circles. It is done, like all exploits, by knowing the protocols involved and then exploiting weaknesses in them. In this case, it is the DNS protocol you are exploiting, and it merely takes knowledge.

Ammon Johns

volatilegx

8:14 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, translators are capable of delivering cloaked content if not protected against.

I guess a weakness in the protocols themselves cannot be compensated for if an IP is being spoofed, at least not at the server-side scripting level.
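An added example (not code from any poster in this thread) of the server-side check the posts above describe: the decision is made from the connection's source address, the User-Agent header is treated only as an unverified claim, and a relay list for translator-style proxies is checked before the crawler list. The bot name `examplebot` and all address ranges are constructed placeholders from the RFC 5737 documentation blocks.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges, not real crawler addresses).
CRAWLER_NETS = {"examplebot": [ipaddress.ip_network("192.0.2.0/25")]}
# Hosts inside a crawler's range that fetch pages on behalf of arbitrary users
# (for example a translation proxy). Checked first so they never count as a crawler.
RELAY_NETS = [ipaddress.ip_network("192.0.2.64/28")]
# Substring that each crawler's User-Agent is assumed to contain.
CRAWLER_UA_TOKENS = {"examplebot": "examplebot"}


def claimed_crawler(user_agent):
    """Return the crawler name the User-Agent claims to be, or None."""
    ua = (user_agent or "").lower()
    for name, token in CRAWLER_UA_TOKENS.items():
        if token in ua:
            return name
    return None


def classify(remote_addr, user_agent):
    """Classify a request as (verdict, crawler_name).

    remote_addr must be the TCP peer address seen by the server, not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return ("invalid-address", None)
    claimed = claimed_crawler(user_agent)
    if any(ip in net for net in RELAY_NETS):
        return ("relay", claimed)
    for name, nets in CRAWLER_NETS.items():
        if any(ip in net for net in nets):
            return ("crawler", name)  # the address decides, whatever the header says
    if claimed:
        # The header names a crawler but the address is not one of its ranges.
        return ("spoofed-user-agent", claimed)
    return ("visitor", None)


if __name__ == "__main__":
    # Constructed sample requests: (source address, User-Agent header).
    for addr, ua in [("192.0.2.10", "ExampleBot/1.0"),
                     ("198.51.100.7", "Mozilla/5.0 (compatible; ExampleBot/1.0)"),
                     ("192.0.2.70", "Mozilla/4.0")]:
        print(addr, ua, "->", classify(addr, ua))
```

Requests classified as `spoofed-user-agent` are worth logging, since they show someone presenting a crawler's header from an address outside that crawler's ranges.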

Brett_Tabke

8:35 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



If you are talking 2-way ip spoofing, I'd like to read a resource about that. As far as I know, only the outbound ip can really be spoofed, while the return will go back to the "alleged" ip. (eg: it's only one way - send ok, but no receive).

Ck your email Dan.

Black Knight

8:49 pm on Feb 20, 2002 (gmt 0)

10+ Year Member



Brett, you're right about the return packets being sent to the stated IP. They simply use packet sniffers to snatch them en route.

Air

9:46 pm on Feb 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>You can't legally do it, but then again ...

You gotta admit that's a lot of trouble to go through unless you really want that page, but then using that criteria nothing is safe. If you discount cached pages and Translator IPs, the pages are pretty safe when served by IP.

>If you are talking 2-way ip spoofing

Brett, the usual way is to create a DOS on the machine that should be receiving the return packet for that IP. When the ip sequence number is correctly responded to by an alternate machine which has been compromised on the same network and under control of the spoofer, it can receive the packets intended for the machine that is now under DOS. Most of the TCP/IP sequencing algorithms these days protect against that type of spoofing.