When I see a shortened URL, I'm always hesitant to click it because I don't know where the link is going to go. (In the worst case, it may lead to an XSS exploit against a site that I'm logged in to)
How can I tell where the link is going to go?
For example, if I see a link to http://tinyurl.com/3yjnm7y I can go to http://preview.tinyurl.com/3yjnm7y and see where the link is going to send me.
How can I do the same for other popular URL shortening services (like bit.ly or goo.gl)?
With goo.gl, you can add .info at the end of the shortened URL.
Example: http://goo.gl/l6MS.info
You can take any bit.ly link and add a + symbol to the end to see stats and details about the link. For example, I just found this link in my Twitter feed
if I add a + I end up at
which tells me the links will send me to
http://googleblog.blogspot.com/2010/06/extra-extra-google-news-redesigned-to.html
In the more general case you'll want to look for a browser plugin which unshortens links.
One option would be to open the link in Google Chrome's incognito mode; even if the link is malicious, it won't have access to your cookies. This isn't foolproof however; the link could be crafted to hide any errors if you're not logged in.
GetLinkInfo.com purports to work with "all" URL shorteners. Just drop the link in the field and press "Get Link Info".
If found, the site responds with:
You can use Curl to peek at redirected URLs:
curl -I https://t.co/0BACDYaBmU -I sends a HEAD request. Do not use -L / --location which will follow redirects. A sufficiently unique link will reveal to hosts past the redirect that it was followed (spammers could use it to get an IP address or confirm that an email address is in use). Some redirectors could reveal info about visits to interested parties anyway.
curl -I on his spam link ? Don't I "visit" the link, regardless of the command ? If not, please explain in a way that a complete layman can comprehend. Thank you. There are a number of URL expanders which should work for many of the 'better' URL shortening services out there. Many shortening providers do not have this preview functionality which you refer to in the question built in which means that these third party expanders are required.
I wrote a Google Mobilizer bookmarklet that lets links on your Twitter timeline (or any webpage) be opened with Google Mobilizer.
This lets you see minimalist, text-only content related to those pages from a proxy Google server so you don't have to fear about contracting malware from dubious links or running into security issues.
Here is a bookmarklet that uses getlinkinfo.com: javascript:(function(){ window.open('http://www.getlinkinfo.com/info?link='+prompt('what link do you wish to get info for?'))})();
I assume that you know how to install a bookmarklet. But jic, here are the instructions: https://support.mozilla.org/en-US/kb/bookmarklets-perform-common-web-page-tasks
Rather than try to modify the URL to see where it goes (which might not tell you much anyway), open it in another browser (for example Arora is a very simple on) in which you aren't logged-into those sites.
