I was checking out the new bit.ly URL shortening service from Betaworks.
I started wondering how random the URLs from these URL-shortening services could be. I wrote a tiny script the other day to turn URLs given on the command line into short URLs via is.gd:
import urllib, sys
for arg in sys.argv[1:]:
‘http://is.gd/api.php?longurl=’ + arg).read()
I ran it a couple of times to see what URLs it generated. Note that you have to use a new URL each time, as it’s smart enough not to give out a new short URL for one it has seen before. I got the sequence http://is.gd/JzB, http://is.gd/JzC, http://is.gd/JzD, http://is.gd/JzE,…
That’s an invitation to some minor mischief, because you can guess the next URL in the is.gd sequence before it’s actually assigned to redirect somewhere.
We can ask bit.ly for a short URL that redirects to our predicted next is.gd URL. Then we ask is.gd for a short URL that redirects to the URL that bit.ly gives us. If we do this fast enough, is.gd will not yet have assigned the predicted next URL and we’ll get it. So the bit.ly URL will end up redirecting to the is.gd URL and vice versa. In ugly Python (and with a bug/shortcoming in the nextIsgd function):
‘http://bit.ly/api?url=’ + url).read()
‘http://is.gd/api.php?longurl=’ + url).read()
last = url[-1]
if last == ‘z’:
next = ‘A’
next = chr(ord(last) + 1)
return url[:-1] + next
return ‘http://www.a%s.com’ % \
”.join(map(str, random.sample(xrange(100000), 3)))
isgdURL = isgd(randomURI())
print ‘Last is.gd URL:’, isgdURL
nextIsgdURL = nextIsgd(isgdURL)
print ‘Next is.gd URL will be:’, nextIsgdURL
# Ask bit.ly for a URL that redirects to nextIsgdURL
bitlyURL = bitly(nextIsgdURL)
print ‘Step 1: bit.ly now redirects %s to %s’ % (
# Ask is.gd for a URL that redirects to that bit.ly url
isgdURL2 = isgd(bitlyURL)
print ‘Step 2: is.gd now redirects %s to %s’ % (
if nextIsgdURL == isgdURL2:
print ‘Epic FAIL’
This worked first time, giving:
Step 1: bit.ly now redirects http://bit.ly/fkuL8 to http://is.gd/JA9
Step 2: is.gd now redirects http://is.gd/JA9 to http://bit.ly/fkuL8
In general it’s not a good idea to use predictable numbers like this, which hardly bears saying as just about every responsible programmer knows that already.
is.gd wont shorten a tinyurl.com link, as tinyurl is on their blacklist. So they obviously know what they’re doing. The bit.ly service is brand new and presumably not on the is.gd radar yet.
And finally, what happens when you visit one of the deadly looping redirect URLs in your browser? You’d hope that after all these years the browser would detect the redirect loop and break it at some point. And that’s what happened with Firefox 3, producing the image above.
If you want to give it a try, http://bit.ly/fkuL8 and http://is.gd/JA9 point to each other. Do I need to add that I’m not responsible if your browser explodes in your face?