I realize this thread is over two years old, but it caught my attention because I have been looking into deobfuscation of evil URLs, and I believe this is not a good idea, particularly in a HTTP URL.

This field (called "userinfo") is defined in the general URI format in RFC 2396, but it is not used in the HTTP URL fomat described in RFC 2616. Nonetheless, most browsers will transmit this field unchanged, and most web servers will ignore it, but supply it to a CGI program as part of the "environment" data. Its chief application is intentionally obscuring the identity of the URL. It is used mainly by fraudsters and spammers for that purpose.

In addition, here is a quote from RFC 2396:

"It is clearly unwise to use a URL that contains a password which is intended to be secret. In particular, the use of a password within the 'userinfo' component of a URL is strongly disrecommended except in those rare cases where the 'password' parameter is intended to be public."

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.