Reduce arbitrary links with G.CO

Google, recently launched a service to shorten links - G.CO . The service is intended for internal Google services, at the moment it is supported only by Google Maps. There it is possible to shorten the long address of the card. I immediately had a desire to play around with this thing, or rather, shorten the external URL. You can read about how I succeeded in this article.

We catch the request

The first thing that occurred to me was to catch an HTTP request to the server and replace the value of the long address. For this, I used HTTP sniffer. Google sends here such a POST request to shorten the link:

http://maps.google.ru/maps/urlshortener?q=http:%2F%2Fmaps.google.ru%2F%3Fll%3D55.354135,40.297852%26spn%3D28.518959,86.572266%26z%3D4%26vpsrc%3D0&abauth={уникальное значение}&authuser=0

And a similar response comes from the server:

{short_url:"http://g.co/maps/a9qd", status_code:0}

Unfortunately, if you replace the q value with an arbitrary one, Google will not shorten the link, but will return the link that we sent him, for example:

{short_url:"http://habr.ru/", status_code:0}

Will not work. Let's think further ...

We are looking for a redirect

The second idea is to find a redirect from maps.google.com to an external site and try to shorten such a link. Unfortunately, the only redirect I found is maps.google.ru/url?q=http://yandex.ru, obviously, a redirect with a warning does not suit us, so we will look for another solution. By the way, if the redirect address is * .google.com / * , then the redirect works without any warning. Well, take this note;)

Google Sites

Another thought is to try to push the redirect code into the site created through this service . So, it’s clear that Google’s arbitrary javascript will not allow you to insert it, so in the page editing panel you need to select "Add additional gadgets" and in the gadget selection window find redirect , in the settings select the URL to which the gadget will redirect and set the delay to 0.

And here I thought, because the gadget is inside the iframe, it means that it works something like this:

top.location.href = "http://someurl.com/";

Yes, and that means that he will redirect the parent window!

Now we just have to find an iframe with a dynamic URL on the Google Maps service.

Looking for an iframe on Google Maps

As I expected, I did not have to search for a long time. Iframe was found here:

Here is its address.
Obviously, here you just need to replace the url parameter, but here again the problem is the url that opens inside the iframe can only be on the maps.google.com domain. And here we use our redirect! We get this address:

http://maps.google.ru/maps/empw?url=http://maps.google.com/url?q=https://sites.google.com/site/{yoursite}

In a nutshell, what’s going on here:
At maps.google.com/maps/empw, an iframe opens, which filters src (allowed only for the maps.google.com domain), we bypass this filter through the redirect maps.google.com/ url And maps.google.com/url redirects the email address to our Google website. On the Google website, in turn, the redirect gadget of the parent browser window is located.

Try to shorten this address, helmet request

http://maps.google.ru/maps/urlshortener?q=http://maps.google.ru/maps/empw?url=http://maps.google.com/url?q=https://sites.google.com/site/{yoursite}&abauth={уникальное значение}&authuser=0

Everything works! Excellent.

Living example.