I'm running Snort which detects some P2P activity, specifically the BitTorrent announce request. I see the HTTP GET /announce.php?info_hash=XXX... request and I'm trying to convert this XXX into a proper SHA1 hash to try and get an idea of what is being downloaded.
I've read various things that say this is URL encoded, and others that say just remove the % character - however I am unable to reproduce this.
Can anyone suggest how to do this?
Okay, know I know.
info_hash
is an SHA1 hash. And an example of it is:%5d%97%dbA%d7a%2b%92%f5%c2%ef%dcv%bf%e7%e6%03%24%85%0a
. If you use$_GET['info_hash']
, it will not work, because of the%
s. You need to use$_SERVER['QUERY_STRING']
. Code example how to get SHA1 hash of info_hash in PHP:Hash: %5d%97%dbA%d7a%2b%92%f5%c2%ef%dcv%bf%e7%e6%03%24%85%0a -> 5d97db41d7612b92f5c2efdc76bfe7e60324850a